Podcasts
Caveat
Ep 289
Caveat 12.18.25
Ep 289 | 12.18.25

Cyber lessons from the frontlines.

Show Notes
Transcript

Dave Bittner: Hello everyone, and welcome to "Caveat," N2K CyberWire's privacy, surveillance, law, and policy podcast. I'm Dave Bittner and joining me is my cohost Ben Yelin from the University of Maryland Center for Cyber Health and Hazard Strategies. Hey, there Ben.

 

Ben Yelin: Hello Dave.

 

Dave Bittner: On today's show we welcome back Caleb Barlow. He is a regular friend of the show and cybersecurity expert. We're looking at lessons learned from the conflicts in Ukraine and Gaza, specifically threats to GPS. While this show covers legal topics and Ben is a lawyer, the views expressed do not constitute legal advice or official legal advice on any of the topics we cover, please contact your attorney. [ Music ] Alright, well as I said, it is my pleasure to welcome Caleb Barlow back to the show. Caleb, great to have you.

 

Caleb Barlow: Oh, it's always good to be here guys. How you doing?

 

Dave Bittner: Doing well, thanks. Doing well. So, let's jump right in here, can you give us a little bit of a high-level thesis here of what has generated your concerns with our topic for today Caleb?

 

Caleb Barlow: Well, if we look at what's been happening in Gaza and Ukraine and we talk about, you know, the jamming that's occurred with the global navigation satellite system or GNSS, or honestly what most of us probably more routinely refer to is just GPS, you know, the jamming occurs because obviously if a missile or a drone is coming at you, one of the more effective ways to prevent that from hitting its target, is to jam it. Now, jamming historically was something that, you know, we talk about but it, you know, there are fewer examples of like there was a ship in the Middle East that was jammed a few years back and someone spoofed it and made it appear at a different location, but it wasn't something really mainstream. There were also a few examples of like truckers putting jammers, you know, in their cabs, really kind of low, short distance jammers so that, you know, maybe the trucking company couldn't track where they were, and of course they drive by an airport and cause all kinds of problems. But, I-and these are true stories, right? But these things were pretty limited in their scope. Now, here's the backdrop here and this, you know, like all things, you know, that we don't understand, I think the legal framework on this in the United States was just don't allow it. In fact, it is illegal to even own a jammer let alone to use it, which is very different than most other things we think about. But the second thing is, like we're going to need to experiment with this, not only to protect ourselves you know in future conflicts, but also we've got to realize that GPS timing is used for things like stock trades, synchronizing the energy grid, crypto currency trading, like there is a parade of horribles that can occur if, you know, as dependent as we are on this GPS timing signal, because remember this is not just used for where am I? It's also used for exactly what time is it?

 

Ben Yelin: I think that's relevant in sports gambling as well by the way. I just have to throw that in there.

 

Caleb Barlow: Actually, it probably is.

 

Ben Yelin: Yeah.

 

Dave Bittner: Really?

 

Ben Yelin: Yelin: Because like it's very important, sometimes the TV broadcast is 2 or 3 seconds behind which can give people an advantage in sports gambling if you're guessing what the next play is. So, I-I'm sure that plays a role. Yeah.

 

Caleb Barlow: Well, I'll give you one example that I think is really fascinating that most people don't think about. So, you know, I'm going to get a little geeky here, but you know, the electrical current, generally speaking in the United States, is alternating current, meaning it's a sinusoidal wave, right? So, think of a wave going on a beach. Well, if you have generation plants at different locations, maybe you know, one is a 100 miles away from another, they have to be in sync as they put electricity onto the grid. Now, you know, think about a wave on the beach, right, if you have a peak of a wave and a trough of a wave, they cancel each other out if they hit at the same time. But if you have a peak of a wave and a peak of a wave and they hit each other at the same time, you get a very large rogue wave. Well, metaphorically speaking, the exact same thing can happen on the energy grid. If when another, you know, generation station joins the grid and is not completely in exact sync with what's going on in the grid and GPS timing, or GNSS timing, is what's used in many cases to make sure the grid is in sync.

 

Dave Bittner: Can we just backup a little bit Caleb here? And maybe I'll put on the spot a little bit on some of the history of GPS. I mean, I remember my old CyberWire colleague, John Petrick who was a former West Point professor talking about how basically the Gulf War was the first time in history that a fighting force knew exactly where it was, because that was the first time that a conflict-a major conflict had occurred since the GPS system was put in place. And we sort of take it for granted now, because-am I correct that there was a point where the military loosened up their encryption on it to make it more generally accessible to the public?

 

Caleb Barlow: Yeah. They used to dither it. So, what would typically happen, like let's say we're a land surveyor, you know, doing a survey of a plot of land that was about to be sold, you know, and you needed exact coordinates, you would use the GPS, but what you would do is you would sync that to a known land-based tower that had exact coordinates that didn't move to see what the military dither was on any given day, and the dither could be, you know, a couple hundred feet, you know, think about it. Like if a missile hits a few hundred feet away, probably misses the troops, right? So, you know, over time as we as a society became more dependent on the GPS signal and frankly became more relevant for our day-to-day lives rather than the military, they removed the dither. I'm assuming they've got the ability to put that back in if they need to, but you know, what's happening at least in the case in Ukraine is we're not only seeing places where, you know, not-you know, the GPS signal disappears because it's a very weak signal, right? To overpower this thing, you know, you could do this with a small handheld device powered by batteries, or and what's even scarier is, you know, you're spoofing it. So, you're over powering it giving it a different location or different timing causing all kinds of adverse effects.

 

Dave Bittner: Yeah, we've reported on stories over on the CyberWire about how allegedly the Russians routinely spoofed GPS when President Putin is traveling. So, wherever he is it's hard to get a lock on precise coordinates.

 

Caleb Barlow: Well, I have actually had an interesting case study in this personally. I'll use the word "victim" although I wasn't victimized in anyway, but I actually saw this firsthand, so in the middle of the conflict in Israel, in the very early days of this, so this was probably like January, you know, when the-when things first occurred in October, I flew to Tel Aviv, and I had an air tag in my bag and anyone that's ever been in the Tel Aviv airport knows, you know, you land, you go through multiple layers of security, and then you stand around sometimes for an hour waiting for your bag.

 

Ben Yelin: Sounds pretty miserable.

 

Caleb Barlow: Yeah, well you know, welcome to going to Tel Aviv, right?

 

Ben Yelin: Right.

 

Caleb Barlow: So, I'm standing around waiting for my bag, nothing's coming out. Finally, you know, you see everybody's bags come out, mine's not there, I'm like "Oh, great here we go." And I'm like "Oh, wait! I've got an air tag in there." So, I pullout the air tag and I see it and it's in an airport and clearly moving down the tarmac. I'm like "Oh, okay. I'm fine." And then I realize it's at the Beirut airport.

 

Ben Yelin: Oh, god.

 

Caleb Barlow: And I'm like, "Oh, crap. I'm never going to see that bag again." So, I go over to, you know, the desk like you know where Delta Airlines has its little desk with the baggage guy, and I'm like, "Hey, my bag is gone." He's like, "How do you know that?" I'm like, "Look." And he laughs at me. He goes, "Oh, it will be out in 30 seconds." I'm like, "What?" He goes, "Yeah. We spoof it." And sure enough, out pops my bag. Now, to do that it's pretty sophisticated, because you know this is an Apple service that dependent on not just GPS, but other things. Later that same week, we're driving to the office and we happen to pass a-what I think was an Israeli military complex, and all of a sudden I'm looking at the map in my friend's car that's driving and the map shows that we're driving through Egypt. I'm like, "We're not in Egypt right now." But literally, it's tracking right along like we're driving down a highway in Egypt. So, my point is, this is no longer the story of alleged rare occurrences. This is occurring regularly during these conflicts.

 

Dave Bittner: I have witnessed it in-person with the presidential motorcade where.

 

Caleb Barlow: Um, oh you see [multiple speakers] see within the D.C. area, right?

 

Dave Bittner: Yeah. Yeah, where you know the long line of Black Suburbans with so many antennas on the roof, they look like a porcupine comes by and.

 

Caleb Barlow: So, what does that do to your like, your device? How does that impact you?

 

Dave Bittner: They basically go dead.

 

Caleb Barlow: Yeah.

 

Dave Bittner: Like your radio, your Internet, your-if you're on a phone call when the go by it just gets dropped, everything just goes dark including GPS, because they've just-they're creating this bubble around the person they're protecting which you can understand and I guess is justifiable in this case, but kind of to your point Caleb, I'd hate to be on final approach at National Airport [brief laughter]. [inaudible 00:09:46]

 

Ben Yelin: Whoops!

 

Caleb Barlow: Exactly.

 

Dave Bittner: Yeah. Right?

 

Caleb Barlow: Or, you know, even something more benign, you drive by a power substation that for some reason is the middle of syncing it's, you know, syncing to the grid; the implications are huge. Now, it's really easy to talk about the negative side of this, right? But there is-there are two offensive reasons why we really need to understand more about GPS jamming and how to use it. One, is obviously in wartime, this can be an important tool, but the second thing in peace time, is drones. And I'm more talking about nuisance drones, not like the ones that are run by fiberoptic and things like that that don't have any RF. But, you know, let's say we've got a stadium full of people or a large event where, you know, we don't really want drones flying over the top of it, and you know those may even be, you know, just nuisance drones that, you know, 14-year-old got a drone for Christmas and decide to fly it over an NFL stadium during a game. This is happening routinely. You need a way to bring that drone to the ground. Now, you know, there are right now the kind of the state of the art is to monitor it, and there's pretty sophisticated tools to figure out where the drone operator is. You know, use kind of directional antennas and figure out where that signal is coming from, or intercept the signal and figure out where it's coming from, but let's say that drone is carrying a payload, or let's say it's a swarm of drones, you know, we're not far away from this issue. It certainly occurred in Ukraine and Gaza. How are we're going to get to those drones on the ground safely? And one of the more effective tools, again, if it is more of a kind of a nuisance commercial drone, is to jam it and bring it to the ground.

 

Dave Bittner: Yeah, and I've seen, I guess, I don't know not so much demonstrations, but advertisements of that capability where you see people with what looks like a the antenna version of a bazooka, that you can aim at the drone and my.

 

Caleb Barlow: Just falls out of the sky?

 

Dave Bittner: Well, my understanding is it just overwhelms the electronics and the device.

 

Caleb Barlow: Right.

 

Dave Bittner: And it gives up and fall, you know, yeah, falls to the ground.

 

Caleb Barlow: Well, what it typically does is it goes back to its operator which is exactly, if you're law enforcement, that's exactly what you want to have happen.

 

Dave Bittner: Right. Right. Right.

 

Caleb Barlow: Is, you know, go back to where you started from and let's figure out where that operator is.

 

Dave Bittner: Um-hmm.

 

Caleb Barlow: Now, you know, look there are hundreds of ways to defeat GPS jamming, there's also people that are using various types of, you know, you know, EMF devices to actually kind of blow up the electronics in these things, but anything that involves drones, whether you jam it, whether you shoot it down, whether you catch it in a net, there are bad consequences that can occur, because these things can fall out of the sky. My point though is, we better start experimenting with this and figuring out what works, what techniques work for different types of attacks, because the current state of the art is, you can't even own one of these jammers, you can't even basically do research on this stuff. And that's really problematic in my view in the long run.

 

Dave Bittner: Well, and then don't you assume that the powers that be have these capabilities, the military and perhaps even law enforcement?

 

Caleb Barlow: Oh, of course they do.

 

Dave Bittner: They're authorized, yeah.

 

Caleb Barlow: Sure, of course. But if you look at where is the innovation occurring, it's largely occurring outside of the United States.

 

Ben Yelin: So, if there is some sort of safe harbor provision for in the private sector, where whatever legal punishment there is for owning one of these devices, and I don't know, do you know what it is? I mean, I assume.

 

Caleb Barlow: I have no idea what it is, but I'm assuming it's probably pretty bad.

 

Ben Yelin: Yeah, I would have to guess so. Like what if there is an exception in the statute for a sandbox or some type of research tool to use this for research purposes and that's a carve out from the general ban? I guess that's something that you think would solve this problem or is that a slippery slope, because adversaries could say, "Oh, we were just using it for research purposes."

 

Caleb Barlow: I think the answer to your question is yes on both accounts, right? Which is what, you know, I mean this is you usually come to one of these shows and you want to have the answers. I don't think I've got the answers on this one. I just think we better start experimenting. Because, you know, the other thing we've got to deal with here is like, there's real-you know, here's the other side of this, right? GPS jamming occurred in two major conflicts in the world very recently. The odds of GPS jamming devices, which could affect timing, showing up in lower Manhattan over the next t10 years are a 100%. Now, that could literally be a trucker just trying not to be tracked, it could be someone trying to take down a drone whether it's legal or not, but we better start understanding how we harden the systems that are dependent on this timing signal, and there's a bunch of strategies for that too, right? Like, you can have an offline timing device that only updates, you know, on occasion or is checking its kind of reference time to the time it's getting from the satellite. You know, there's a lot of different techniques to use with this, but I think we better really start to figure out how to harden any place we're using this technology. [ Music ]

 

Dave Bittner: Now, it's my understanding that the U.S.'s version of GPS is not the only game in town-that the Russians have their own version which is available for use, so I think you can set your iPhone to look at that one.

 

Caleb Barlow: Not only is it available, I mean, I use it. It works, you know, because here is the thing, the more satellites you have on your device, the more accurate your GPS location is. So, you know, I'm a big mariner, I'm always out fishing and boating and, you know, I turn on the Russian satellites as well, because it just-if I have, you know, if I'm pulling a location off of 3 satellites, that's going to be okay, if I'm pulling the location of 10 satellites, that's going to be fantastic, you know, in terms of me knowing exactly where I am.

 

Dave Bittner: Are there, to your knowledge, like alternative systems that, you know, aren't orbital?

 

Caleb Barlow: Well, I mean I think this is what people are really starting to think and talk about, yeah, particularly around syncing let's say the energy grid, cell phone towers, or high-frequency trading, is maybe I'm still using the satellite as my reference point, but maybe I have a backup and some means of detecting that that signal is being spoofed or has become unavailable.

 

Dave Bittner: You mentioned that we've seen active use of this in the conflicts in both Ukraine and Gaza; do you have any specific stories to share about the use over there?

 

Caleb Barlow: Well, I mean I think the, you know, first of all, I think what we have to recognize in Gaza and Ukraine is these were the conflicts, you know, the big story coming out of these conflicts aside from all the carnage and everything else, is the use of drones. And in this case, we're not talking about, you know, predator drones that are flying at 30,000 feet; we're talking about handheld drones that are maybe carrying a 5 kilogram payload. And, you know, if you look on the Internet you can see really good examples of these drones tracking down troops and going after them individual. Probably, the most impressive example is Operation Spider's Web, where you know, the Ukrainians launched a series of drones that went and attacked, you know, Russian strategic bombers and that attack has been broken down into intimate detail, you know, there's a whole who done it story. I think it was either in the Washington Post or the New York Times over the last week or two, that broke it down, as well as there's actually videos and pictures of this. Now, what is interesting about that is they needed to work their way around jamming. And, you know, what they did in this case was at various points in the attack, the drone was autonomous and other points it was operated by an operator, but they knew that the radio frequencies they were on would be jammed, so they switched over to 5G cellular and actually flew them in allegedly using 5G cellular. So, you know, that story is a really interesting read because it's a story not only of the jamming techniques in place around these Russian bombers, but also the methodologies the Ukrainians used to get around it.

 

Dave Bittner: So, I think it's fair to say that this is a part of warfare that's here to stay.

 

Caleb Barlow: Oh, I think it's absolutely a part of warfare that's here to stay, but we again have to recognize that, you know, if we look at attacks that have occurred on the homeland historically, in more of a commercial or civilian setting, the biggest issue was always either the access to the supply chain or the lack of imagination. In this case, we don't need the lack of imagination or the supply chain, you can order all the parts you need on Amazon or 3D print them and, you know, all the instructions in intimate detail of what's worked is available online.

 

Ben Yelin: So, I can deploy my own anti-jam antenna tomorrow?

 

Caleb Barlow: Oh, absolutely.

 

Ben Yelin: Yeah.

 

Caleb Barlow: Now, it would be highly illegal in the United States.

 

Ben Yelin: I'm not doing that!

 

Caleb Barlow: But you can totally do it.

 

Ben Yelin: For any law enforcement who might be listening to this.

 

Caleb Barlow: Well, no but here's the thing Ben, you could not only develop your own jammer, you could just as effectively develop your own drone and attach a really sophisticated payload to it. You know, which could be used to drop an incendiary device or maybe your drone is used to fly on the top of a trading floor and slowly over time spoof the timing signal. You know, if you spoof a timing signal on trading, I'm-I mean, I don't know what I'm talking about here, so fair disclaimer, but I would guess that if you spoof a timing signal on a high-frequency trading floor by milliseconds. You could probably create enormous profits off of that, or I think your betting example is just as interesting.

 

Ben Yelin: Right. I wonder if there are circuit breakers in place at like the major exchanges that, because we have circuit breakers for other things like?

 

Caleb Barlow: That's a great question.

 

Ben Yelin: Yeah.

 

Caleb Barlow: Maybe uh-maybe I should do some research on this?

 

Ben Yelin: Yeah.

 

Dave Bittner: I had considered the sports betting aspect of it, you know, something that in the old pre-digital days of broadcasting it was just about real-time for a signal to get to you even from a live sporting event, but in today's digital world, there's so many hops that that signal takes that, as you say, can be seconds even up to a minute between the live event and when it reaches you and that's a lot of time when you're betting on what's going to happen on the next play.

 

Ben Yelin: Right, and I know degenerate gamblers who will bet on what the next pitch will be at a baseball game and they're at the baseball game.

 

Dave Bittner: Um-hmm.

 

Ben Yelin: So, like there are advantages to be had from that.

 

Caleb Barlow: But, think of it this way, I've got to imagine the book that's taking that bet, has to also recognize the bet, you know, just the speed of traffic on the Internet could easily be-have a latency of, you know, 30 to 50 milliseconds. I bet they still want to take that bet.

 

Dave Bittner: Well.

 

Caleb Barlow: No pun intended, right?

 

Dave Bittner: Yeah.

 

Caleb Barlow: So, they probably have some way of timing it to know when the bet was placed.

 

Dave Bittner: And there-that somewhere in the small print there must be some agreement of what absolute time is for everyone, right? You know, and that they control what that is? Yeah, how interesting.

 

Caleb Barlow: Let's talk about this from a legal framework too, like what I think is so fascinating about this from a legal framework, is the legal framework historically a ton of sense; don't mess with these things, it's illegal to have anything that jams them, like pretty straightforward and simple, right? But now we're in a different world where we probably do need to open this up a little bit, now only so private enterprise can defend themselves where some of these tools might necessary and figure out what's appropriate use, like as an example, you know, Dave you mentioned the presidential motorcade. I mean, right now it's only federal law enforcement in very unique situations that can jam.

 

Dave Bittner: Right.

 

Caleb Barlow: Should state police be allowed to do that? I would argue in certain situations probably, but how do you build the protocol to do if it's illegal by federal law?

 

Ben Yelin: Right.

 

Caleb Barlow: Right now?

 

Dave Bittner: Yeah.

 

Ben Yelin: Like a state or, you know, a local law enforcement agency for civil unrest as an emergency measure? That's an interesting hypothetical.

 

Caleb Barlow: Actually, that's a great hypothetical. Like, you know, if there is a-if there is a large protest that needs to disburse, do you just take out cell phones and GPS for 10 to 15 minutes, destroy the ability to organize, it would probably disburse pretty quickly.

 

Ben Yelin: Yeah. This day in age, that's true. Yeah, I mean, I'm trying to analogize this to other things where our approach has moved from prohibition to harm reduction. I mean there's no like, there's no perfect metaphor here. But I think about things like prohibition of alcohol and drugs versus like setting up a safe needle site, right, where and this is extremely controversial, but like in this one spot you can't get prosecuted for using drugs, but we can assure that at this spot you will not get the communicable disease that comes from using an unsafe needle. So, like if there were some, and I don't know what-how that mechanism would manifest itself in these circumstances, but I'm just.

 

Caleb Barlow: I don't think that's a giant leap. Like, if we said, okay, over you know MetLife Stadium, when a certain event of a certain size is going to happen, you know, the entity reserves the right to jam GPS or that matter, potentially to jam a cell signal, I mean, from a safety perspective, if I was attending that event, I'm probably onboard with that. Now, if I owned a business in the immediate surrounding area, I'm probably going to want notice of that.

 

Ben Yelin: Right.

 

Dave Bittner: Um-hmm.

 

Caleb Barlow: To make, but you know, there's probably a way to do that that's very above board., like you just kind of know, "Oh, hey I'm near this stadium, like they're occasionally going to jam the GPS signal, probably a bad idea if I have my power substation right next to it."

 

Dave Bittner: You know, one thing you remind me of here Caleb, and this goes back a while, is I remember when GPS-when handheld portable GPS devices were pretty new, before we had them built into our phones.

 

Caleb Barlow: Our little Garmins.

 

Dave Bittner: Our little Garmins! Yeah. So, my understanding was part of the protocol that was built into them; an agreement that was built into them was that if you were going above a certain velocity, the GPS device would no longer tell you where you were. So, in other words, if you brought a GPS onboard an airplane with you, let's say the airplane goes over 150 miles an hour, the GPS stops functioning. And the reason for that was they were concerned about people putting consumer-grade GPS units on missiles.

 

Caleb Barlow: Yeah.

 

Dave Bittner: Like home rocketry, right? So, they said, well an easy way around this if you're going more than a certain speed, this device no longer works. So, my point is there are certain things that where you-I don't know if there were handshake agreements or if they were actually codified, that the manufacturers did to try to prevent certain perils that GPS presented historically.

 

Caleb Barlow: But, I mean, what's great about that example, right, is somebody at that time was worried about someone building a missile.

 

Dave Bittner: Um-hmm.

 

Caleb Barlow: Which has supply chain challenges, experimentation challenges, and electronic challenges to pull it off and-you know, if you were going to put a payload on a missile, right? But somebody thought about that and said, "Hey, we better not allow this." Now, you can go down to your local Best Buy, you know, get one of these things this afternoon, you can buy all kinds of gimbals, and mounts, and dropping devices and, you know, be dropping a payload over a prison or into an event venue, you know, this afternoon, right? Like, the gap for someone to cause harm with these things is so small now, that my point is, we better start thinking about the countermeasures in a much more robust way.

 

Dave Bittner: I'll share another story, back when I was in college which was around 1990 when dinosaurs rule the earth.

 

Caleb Barlow: I was right there with you man.

 

Dave Bittner: Ben, had you been born yet?

 

Ben Yelin: I was just about to rub it in. I mean, I don't get to do this very often because I'm also getting old, but I was 4.

 

Dave Bittner: Okay, fair enough, so.

 

Ben Yelin: Sorry.

 

Dave Bittner: When toddler Ben was wondering around bumping his head on furniture, I was in college and my roommate was very active in amateur radio, and one day we were taking a road trip together and I looked down in the console of his car, he was driving, and there was a little like Radio Shack project box that just had a little red button on it. And I was like, "Ken, what is that?" And he goes, "Oh, wait, I'll show you." And not long after that, a guy comes tearing past us in a, you know, 911, right, at high speed and my roommate Ken presses the button and the brake lights come on on the Porsche and he slows down right away. I said, "Ken, what did you just do?" He said, "It's a radar detector jammer."

 

Caleb Barlow: Oh, yeah.

 

Ben Yelin: Yeah.

 

Caleb Barlow: So, in midst the frequencies that a radar, that a police radar would have to give us the [inaudible 00:28:14]?

 

Dave Bittner: Yeah. But!

 

Caleb Barlow: Like, I love that.

 

Ben Yelin: Yeah.

 

Dave Bittner: But, the thing was that my roommate, Ken, was a real rules follower, right? And he said, "Funny story, because I'm an amateur radio operator, I am licensed to operate on these frequencies. So, as far as the FCC is concerned, I'm sending Morse code."

 

Caleb Barlow: Yeah, which probably was.

 

Dave Bittner: Right. Right.

 

Caleb Barlow: And having a little fun with it.

 

Dave Bittner: Yeah.

 

Caleb Barlow: I mean, here's the thing, right, what is great about that story is there is a value in both offense and defense to experimentation. And I think what we have to recognize is we've had a whole lot of experimentation in a military construct using both devices, in this case drones let's say, and using countermeasures in this case, GPS jamming, we better get that same level of experimentation going in the private sector pretty quickly or, you know, the only experimentations that is going to be occurring is on offense and I think that's a really bad idea.

 

Dave Bittner: How-let me pushback a little bit and ask, how do we make sure that we are properly calibrating our concerns here, that I could say, "Well, Caleb, airplanes aren't falling out of the sky," right?

 

Caleb Barlow: Yeah.

 

Dave Bittner: How do we be [brief laughter]-well, but how do we be sure that we're not being chicken little and that, you know, the folks who are tasked with protecting us from these sorts of things, are on the case and we're in good hands?

 

Caleb Barlow: Well, I mean I think the difference in this case is we're not talking about like security research where, you know, anybody can do it in their basement with a computer, right? We're talking about environments, we probably need a lab. You probably want to be doing this type of jamming and other experimentation behind a Gaussian shield, which is basically just a big piece of wire mesh to prevent your RF signal from leaking out. I think this is the perfect place for university research, right? Where they've got these types of facilities, they're going to document everything very ethically, they're going to follow all types of guidelines, like I do think there are plenty of places we could be doing this type of research in the United States. The challenge right now is the only place you're going to see this thing is abroad, obviously, a ton of research coming out on these technologies, coming out of Israel. There's a few companies in the UK, you know, the UK is a little different, you own the device, you just can't use it in the UK. You can actually even buy the device in the UK. You just can't use.

 

Ben Yelin: Just have it for display purposes in your house?

 

Caleb Barlow: I guess so.

 

Dave Bittner: Yeah. That's interesting, because I-just a side note, I too am a licensed amateur radio operator and.

 

Caleb Barlow: Learn something new every day about Mr. Bittner.

 

Dave Bittner: One of the differences is that folks in the UK are not allowed to listen to every available frequency. Like we are here.

 

Caleb Barlow: Really?

 

Dave Bittner: In the US. Yeah. Like if there is a ban that is reserved for military use, you can get in trouble for just tuning it in, where here in the US, the airwaves are considered open game for listening.

 

Caleb Barlow: Okay, but to your point, you can go out on Amazon right now whether you're an amateur radio operator or not, and you can buy a transceiver.

 

Dave Bittner: Yeah.

 

Caleb Barlow: So, transmit and receive that will broadcast across the.

 

Dave Bittner: Yes.

 

Caleb Barlow: Spectrum. Now, it is completely illegal if you do not have a license to be broadcasting on most of those frequencies, but you can buy the device. You cannot do the same thing, you know, I-what's the difference between that radio and a GPS jammer? Nothing.

 

Dave Bittner: Right.

 

Caleb Barlow: Right?

 

Dave Bittner: Right.

 

Caleb Barlow: But the GPS jammer is illegal though.

 

Dave Bittner: Yeah. Yeah, no I-and well and I will also point out that Amazon is not known for being particularly strict when it comes to policing the devices that they make available on their marketplace. So, it's not terribly difficult to get the things you need.

 

Caleb Barlow: Well, let's look at it a different way. As an amateur radio operator.

 

Dave Bittner: Yeah.

 

Caleb Barlow: If you wanted to tune in to a police frequency transmit and cause problems, you could do that all day long. It would take you 2 seconds.

 

Dave Bittner: Correct.

 

Caleb Barlow: Right?

 

Dave Bittner: Yeah. Sure.

 

Caleb Barlow: That hasn't been a problem over the last 50 years. It really has not been a problem. You know, so I think a little with this is probably a recalibration of how big of an issue is this to be experimenting particularly in isolated areas under controlled conditions and do we need to rethink it?

 

Dave Bittner: Well, let me close with another story that I think is very relevant and forgive our listeners if I've told this story before. Again, when I was in college and my roommate was an amateur radio operator, and I was a student at the University of Maryland where one of the nation's oldest private airports is located. It's a little airstrip for Cessnas and those sorts of things. This airport does not have a tower, but it does have remotely triggered lights for the landing fields. So, for a pilot if you're coming in at night, you basically key up on a certain frequency and that will toggle the landing strip lights on and you can key up on that frequency and then they will switch off. My roommate and his buddies at-in the ham radio club on campus, got a request from some of their contacts at the FCC that some yahoo was waiting near the airport as people were coming in on final approach at night, and as the plane was coming in, this person would key up on the frequency and turn off the runway lights.

 

Caleb Barlow: That was a gag in the movie "Airplane," you know that right?

 

Dave Bittner: Right, right!

 

Caleb Barlow: Yeah.

 

Dave Bittner: Right, exactly. But this was somebody who was doing it just because, you know, he was a jerk and thought it was funny.

 

Caleb Barlow: Yeah.

 

Dave Bittner: So, what the ham radio club folks did was, they organized what they call a "foxhunt," which is where they go out with directional antennas and they wait for this to happen and they triangulate where this person is and they got him.

 

Caleb Barlow: That's pretty [multiple speakers].

 

Dave Bittner: And the FCC came down hard on this person. So, I think it's a story that kind of perhaps encapsulates what you're talking about here. You have sort of a readily available common good that people are relying on for safety, you have somebody getting in the way of that, you got amateurs who are called into action to help come up with a solution to this, and they were successful. And you know, because they were-because they were licensing as amateur radio operators, they knew exactly how to do this sort of thing, and also considered it to be fun. So, I think it's an interesting maybe metaphor for some of the things we're talking about here.

 

Caleb Barlow: Your last point, they considered it to be fun, I mean, that's critical. In any kind of innovation, right, half the time whether we're talking offense or defense, it's about somebody having fun and having the ability to go experiment and figure things out.

 

Dave Bittner: Right. And if you're prohibited from even doing that, like you said, maybe our adversaries have the advantage.

 

Caleb Barlow: It's one of those perfect sandbox situations. Like, a safe place where you can experiment with the technology, but where everything is very tightly controlled and it won't have any real world impact.

 

Dave Bittner: Yeah. Yeah. It reminds me, I always-I had this fantasy when my kids were doing their little science projects, you know, for school where they have those little tri-cardboard, you know, setups that you do at the Science Fair?

 

Caleb Barlow: Oh, yeah, yeah.

 

Dave Bittner: Yeah, I always had this fantasy of having a thing setup and having part of it say, you know, "Because of the difficulty in acquiring weapons-grade plutonium, we have substituted standard uranium." See how long it took for anyone to notice.

 

Caleb Barlow: Just anybody to notice, yeah.

 

Dave Bittner: Right, anyway. So, Caleb what is to be done here? What do you think we should be doing to handle this situation?

 

Caleb Barlow: Well, what I love about this topic is the short answer is, I don't think any of us know. The part that I do know for sure is we do need to be doing a whole lot more experimentation and that experimentation could be better offense in the private sector, better defense in the private sector, or it could be just experimentation that leads to new technologies that are more robust and more secure down the road.

 

Dave Bittner: Caleb Barlow is a regular friend of our show here and a cybersecurity expert. Caleb, thanks so much for joining us. [ Music ] And that is "Caveat" brought to you by N2K CyberWire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to caveat@n2k.com. This episode is produced by Liz Stokes. Our executive producer is Jennifer Eiben. The show is mixed by Tré Hester. Peter Kilpe is our publisher. I'm Dave Bittner.

 

Ben Yelin: I'm Ben Yelin:

 

Dave Bittner: Thanks for listening. [ Music ]

Caveat
Podcast Info
HOST(S):
Dave Bittner
Ben Yelin
Dave Bittner is a security podcast host and one of the founders at CyberWire. He's a creator, producer, videographer, actor, experimenter, and entrepreneur. He's had a long career in the worlds of television, journalism and media production, and is one of the pioneers of non-linear editing and digital storytelling.
Ben Yelin, JD, is the Program Director for Public Policy & External Affairs at the University of Maryland Center for Cyber Health and Hazard Strategies, where he consults public and private entities on homeland security, cybersecurity and emergency management policy. He is also an adjunct faculty member at the University of Maryland Francis King Carey School of Law, where he teaches courses on electronic surveillance and the Fourth Amendment.
Schedule: Wednesdays
Creator: N2K Networks, Inc.