Oh good, a kill switch

Wired reports that the DoD has taken delivery of three "special weapons observation remote reconnaissance direct action system" (SWORDS) robots. (Pretty tricky with those acronyms, guys!) Anyway, these are remote-controlled robots armed with M-249 machine guns.

Apparently these robots were, uh, a bit flaky, but the manufacturers say they've got all the bugs worked out now:

The SWORDS -- modified versions of bomb-disposal robots used throughout Iraq -- were first declared ready for duty back in 2004. But concerns about safety kept the robots from being sent over to the battlefield. The machines had a tendency to spin out of control from time to time. That was an annoyance during ordnance-handling missions; no one wanted to contemplate the consequences during a firefight.

So the radio-controlled robots were retooled, for greater safety. In the past, weak signals would keep the robots from getting orders for as much as eight seconds -- a significant lag during combat. Now, the SWORDS won't act on a command, unless it's received right away. A three-part arming process -- with both physical and electronic safeties -- is required before firing. Most importantly, the machines now come with kill switches, in case there's any odd behavior. "So now we can kill the unit if it goes crazy," Zecca says.

OK, so ignoring the wisdom of starting from a platform which used to "spin out of control", I'm sort of interested in how the "kill switch" works. As far as I know, there are two basic ways to build a system like this:

  • Fail-unsafe. The kill command is just a separate command that tells the unit to shut down.
  • Fail-safe. The control unit regularly (or continuously) sends a signal. If the robot stops getting the signal it shuts down.

It should be pretty clear that if you think there's a high likelihood that the robot's going to go nuts and you want to minimize the chance that it kills your own people, random civilians, their pets, etc., you probably want something that fails safe. This is especially true in view of the implication in this article that signal strength isn't always what you might like. You really don't want to have a situation where the robot is busy slaughtering innocent bystanders and you can't shut it down because your control unit is showing zero bars.

On the other hand, a fail-safe system is also much easier to DoS, which probably matters more when the system being DoSed is shooting your enemies than when it's serving up copies of Girls Gone Wild. All the attacker has to do is somehow jam your signal (and remember that since you probably want to have a cryptographically secured control channel, they only need to introduce enough errors to make the integrity checks fail). This makes the problem of designing the control channel a lot more difficult. I'd definitely be interested in hearing more about the design of the protocol for these gizmos.
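The trade-off between the two designs can be made concrete with a small simulation. This is an added example, not part of the original post and not the SWORDS protocol, which the article does not describe. The frame layout, HMAC-SHA256 tag, one-second watchdog window, command codes and all function names are assumptions made for illustration.

```python
import hashlib, hmac, struct

KEY = b"constructed-demo-key"   # constructed sample key
TIMEOUT = 1.0                   # assumed watchdog window, seconds
HEARTBEAT, KILL = 0, 1          # assumed command codes

def make_frame(seq, cmd):
    """Controller: 4-byte sequence number, 1-byte command, HMAC-SHA256 tag."""
    body = struct.pack(">IB", seq, cmd)
    return body + hmac.new(KEY, body, hashlib.sha256).digest()

def verify_frame(frame, last_seq):
    """Robot: (seq, cmd) if the tag verifies and seq is fresh, else None."""
    body, tag = frame[:5], frame[5:]
    good = hmac.new(KEY, body, hashlib.sha256).digest()
    if len(frame) != 37 or not hmac.compare_digest(tag, good):
        return None
    seq, cmd = struct.unpack(">IB", body)
    return (seq, cmd) if seq > last_seq else None

def flip_bit(frame):
    """Noise or jamming: a single flipped bit is enough to fail the tag."""
    return bytes([frame[0] ^ 0x01]) + frame[1:]

def shutdown_time(design, received, end):
    """Time the robot stops, or None if still running at `end`; received = (t, frame) pairs."""
    last_seq, last_valid = 0, 0.0            # link assumed good at t = 0
    for t, frame in received:
        if design == "fail-safe" and t - last_valid > TIMEOUT:
            return last_valid + TIMEOUT      # watchdog expired before this frame
        parsed = verify_frame(frame, last_seq)
        if parsed is None:
            continue                         # corrupted or replayed: ignored
        last_seq, cmd = parsed
        last_valid = t
        if cmd == KILL:
            return t
    if design == "fail-safe" and end - last_valid > TIMEOUT:
        return last_valid + TIMEOUT
    return None

def scenario(jam_from, kill_at=2.0, end=3.0, period=0.5):
    """Heartbeat every `period` s, KILL at kill_at; frames from jam_from on are corrupted."""
    out, seq, t = [], 1, period
    while t <= kill_at:
        frame = make_frame(seq, KILL if t == kill_at else HEARTBEAT)
        out.append((t, flip_bit(frame) if t >= jam_from else frame))
        seq, t = seq + 1, t + period
    return {d: shutdown_time(d, out, end) for d in ("fail-unsafe", "fail-safe")}
```

With a clean channel both designs stop at the KILL frame. With every frame corrupted from t = 1.0 onward, the fail-unsafe robot never sees the kill command and keeps running, while the fail-safe robot stops at t = 1.5 whether or not the operator wanted it to.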


I don't see why the anti-jamming techniques for this system would need to be any different from the techniques used for any other critical military communications system, whether between units on the ground (or in the air) or between, say, RPVs and their controllers. I assume that the communications protocol for this sort of system is typically layered, with the control protocol sitting on top of a (hopefully) reliable communications channel that does whatever anti-jamming voodoo it can. Is there any reason to do otherwise?

Well, the situation between people is of course different than communication with robots, since one hopes that the people in location A will use some judgement if cut off from location B. Robots, by contrast, don't typically show a lot of judgement. Yes, I would expect that the same techniques would be used with RPVs. However, I don't know that those techniques actually work against someone dedicated. Remember that RPVs are a fairly minor part of our arsenal now, so there's not a lot of incentive for attackers to develop countermeasures.

But a robot with a (cryptographically protected) fail-safe signal doesn't need to show judgment--it just shuts down when there are no commands coming in. Human units, it's true, aren't completely incapacitated when they're unable to communicate with their peers, but their effectiveness is likely to be severely reduced, and they also run a high risk of accidentally interfering with, or even attacking, their countrymen, or severely endangering themselves. (And they're generally considered inherently more valuable than robots.) So I still don't see why communications with robots (or RPVs) is necessarily a juicier jamming target than communications among humans.

My impression is that the reason military communications (primarily among humans) aren't routinely jammed today is not that they're not an attractive target, but rather simply that current technology happens to massively favor the communicator over the jammer. Consider, for instance, remotely triggered IEDs in Iraq. My understanding is that jamming technology *is* used against them, but that even the relatively unsophisticated, low-tech IED makers can rapidly adapt to any new jamming method.

Not sure what to tell you, Dan. Shutting down a unit completely seems to me quite qualitatively different from just interfering with inter-human communications. The robot is just much more sensitive to communications functioning properly. However, since neither of us has ever been in this situation it's basically just opinion.

As for IED jamming, it seems to me you're confusing two very different settings. In the case of IEDs, much of the point is that the defenders don't know where the IED is, and the signal only happens when the IED is about to blow up, so to defend you'd basically need to jam all the time across pretty much the entire spectrum. This is a pretty big deal in an environment where you'd otherwise like telecommunications to work. By contrast, when we're talking about armed robots, it's pretty clear that a robot is in use because (1) there's a constant stream of radio communication and (2) there's a big metal robot shooting at you. This makes it much easier to target just those communications that are actually in use. Moreover, in some settings (e.g., Iraq) the attacker has a lot less incentive to have comms work in general than the defender does.
