Imagine a SIGINT team tasked with uncovering RF access points at a power plant. As it approaches the plant, it discovers that the plant’s SCADA network operates as a mesh, with wired and wireless signals. Workers communicate with handheld trunked radios at 400–450 MHz. There are multiple Wi-Fi access points at 2.5 and 5 GHz. Bluetooth lurks around, and there is also an air defense RADAR between 8 and 12 GHz.
The team faces several critical tasks: first, they must decode the DMR; then, they need to detect and geolocate the Wi-Fi; lastly, they have to classify the RADAR. All these actions, specifically the decoding, require high-fidelity RF recording with I/Q capture. Only high-fidelity RF I/Q data will deliver the enhanced data they need to get an accurate baseline of the entire power plant and map out the SCADA network for follow-on RF over cyber effects.
The key areas of military signals intelligence
Signals Intelligence (SIGINT) refers to intelligence-gathering through the interception, analysis, and exploitation of electronic signals and communications. The information gathered through SIGINT can provide valuable insights into the activities and intentions of enemies and can help develop effective countermeasures to disrupt or defeat their electronic systems.
SIGINT can be divided into two main categories: communications intelligence (COMINT) and electronic intelligence (ELINT). COMINT focuses on gathering information about the content and context of communications, such as who is communicating with whom, what they are discussing, and when and where the communications occur. ELINT, however, focuses on the interception and analysis of electronic signals that are emitted by electronic devices and systems, such as radars, communication systems, and electronic warfare systems.
To effectively carry out all areas of military signals intelligence, operators require specialized hardware and software to detect and make high-fidelity recordings of communication signals.
What are the applications of high-fidelity RF recording?
Broadly, by capturing and analyzing a wide range of RF signals (from high fidelity to extremely high fidelity), high-fidelity RF recording enables specific signal types to be identified, changes in signal patterns to be detected, and spectrum use to be monitored. More importantly, it can detect frequency hoppers and low probability of intercept/low probability of detection (LPI/LPD) signals.
High fidelity vs. low fidelity
While there is no strict definition, certain factors influence the fidelity of an RF recording. First, a high-fidelity recording should always include I/Q data, as this enables further demodulation and decoding. Second, a high dynamic range increases sensitivity and allows capture of signals at the noise floor. Last, wideband I/Q bandwidth and a high frequency range ensure that more signals are captured. Low-fidelity SDR systems, such as hobby SDRs, do not possess the qualities for adequate capture, as they lack the sensitivity and the frequency/bandwidth parameters.
There are many specific use cases for military signals intelligence:
Demodulate, decode, and decrypt
High-fidelity RF recording of I/Q is a powerful tool to demodulate, decode, and decrypt communication signals, enabling more effective COMINT analysis and decision-making. First, demodulation involves separating the modulated signal from the carrier wave to analyze the underlying message, allowing insight into the type of communication being used. Second, decoding communication signals involves translating the message from its encoded form into a readable format, providing detailed information about the content of the message. Last, decryption allows access to the message's content.
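Why the I/Q requirement matters for demodulation, as an added example that is not part of the original article: a constant-envelope FM signal is recovered from the phase of its I/Q samples, while a magnitude-only recording of the same signal is flat. The sample rate, deviation, and tone are constructed values.

```python
import cmath
import math

FS = 48_000    # sample rate in Hz (constructed value)
DEV = 2_500    # peak FM deviation in Hz (constructed value)
TONE = 1_000   # message tone in Hz (constructed value)

def message(k):
    """Message sample k: a unit-amplitude sine at TONE Hz."""
    return math.sin(2 * math.pi * TONE * k / FS)

def fm_iq(n):
    """Constructed baseband I/Q samples of an FM signal carrying message()."""
    phase, samples = 0.0, []
    for k in range(n):
        samples.append(cmath.exp(1j * phase))
        phase += 2 * math.pi * DEV * message(k) / FS  # integrate frequency
    return samples

def fm_demod(iq):
    """Instantaneous frequency in Hz from the phase step between samples."""
    return [cmath.phase(b * a.conjugate()) * FS / (2 * math.pi)
            for a, b in zip(iq, iq[1:])]

def envelope_ripple(iq):
    """Peak-to-peak variation of |x|: all a magnitude-only recording keeps."""
    mags = [abs(s) for s in iq]
    return max(mags) - min(mags)

def demod_error_hz(n=4_800):
    """Largest difference between the demodulated output and the message."""
    audio = fm_demod(fm_iq(n))
    return max(abs(f - DEV * message(k)) for k, f in enumerate(audio))

if __name__ == "__main__":
    iq = fm_iq(4_800)
    print(f"demodulation error from I/Q: {demod_error_hz():.2e} Hz")
    print(f"envelope ripple (magnitude only): {envelope_ripple(iq):.2e}")
```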
Find and analyze unknown signals
High-fidelity RF recording can be used to search for unknown signals in a wide frequency range, enabling new signal sources to be identified. Once a signal is found, SIGINT analysts can conduct an in-depth analysis of its frequency, amplitude, and modulation characteristics to determine its nature and potential threat. The new signal can then be added to the library and rapidly detected the next time.
By discovering and focusing on signals of interest, high-fidelity RF recording enables signal geolocation. SIGINT analysts can geolocate a signal by using the Time Difference of Arrival (TDOA) technique, which involves comparing the signal's arrival time at three or more nodes. TDOA algorithms calculate the difference in the signal's arrival time between receivers and derive the signal’s location from those differences.
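The TDOA calculation described above, as an added example that is not part of the original article: a Gauss-Newton least-squares solver recovers a 2-D emitter position from arrival-time differences and shows how a receiver clock error turns into position error. The receiver layout, emitter position, and the 100 ns clock error are constructed values.

```python
import math

C = 299_792_458.0  # propagation speed of the RF signal, m/s

def tdoas(emitter, receivers):
    """Arrival-time differences (s) at receivers[1:] relative to receivers[0]."""
    d = [math.dist(emitter, r) for r in receivers]
    return [(di - d[0]) / C for di in d[1:]]

def locate(receivers, measured, guess, iters=50):
    """Gauss-Newton least-squares fit of a 2-D position to measured TDOAs."""
    x, y = guess
    for _ in range(iters):
        d = [math.dist((x, y), r) for r in receivers]
        # Unit vectors pointing from each receiver to the current estimate.
        u = [((x - rx) / di, (y - ry) / di) for (rx, ry), di in zip(receivers, d)]
        a11 = a12 = a22 = b1 = b2 = 0.0
        for i in range(1, len(receivers)):
            res = measured[i - 1] * C - (d[i] - d[0])  # residual in metres
            jx, jy = u[i][0] - u[0][0], u[i][1] - u[0][1]  # Jacobian row
            a11 += jx * jx; a12 += jx * jy; a22 += jy * jy
            b1 += jx * res; b2 += jy * res
        det = a11 * a22 - a12 * a12
        if abs(det) < 1e-12:
            raise ValueError("receiver geometry cannot resolve a position")
        dx = (a22 * b1 - a12 * b2) / det  # solve the 2x2 normal equations
        dy = (a11 * b2 - a12 * b1) / det
        x, y = x + dx, y + dy
        if math.hypot(dx, dy) < 1e-6:
            break
    return x, y

# Constructed scenario: four time-synchronised receivers on a 10 km square.
RECEIVERS = [(0.0, 0.0), (10_000.0, 0.0), (10_000.0, 10_000.0), (0.0, 10_000.0)]
EMITTER = (3_200.0, 6_100.0)   # ground truth, used only to synthesise TDOAs
CENTROID = (5_000.0, 5_000.0)  # initial guess for the solver

def position_error(clock_error_s=0.0):
    """Metres of position error when receiver 1's clock is off by clock_error_s."""
    measured = tdoas(EMITTER, RECEIVERS)
    measured[0] += clock_error_s
    return math.dist(locate(RECEIVERS, measured, CENTROID), EMITTER)

if __name__ == "__main__":
    print(f"ideal clocks: {position_error():.6f} m")
    print(f"100 ns clock error: {position_error(100e-9):.1f} m")
```

With this geometry, a 100 ns timing error on one receiver (about 30 m of path length) moves the solution by roughly 14 m, which is why the receivers' clocks must be tightly synchronised.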
Angle of Arrival (AoA) is another geolocation technique, which uses two direction-finding arrays. This capability can provide valuable targeting information for CEMA cells, such as the location of enemy communications, jamming, or electronic warfare activities.
Rapidly update a SIGINT database and discover a pattern of life
Using high-fidelity RF recording, analysts can collect and store a wide range of signals, including those with complex modulation and encoding schemes. This enables the identification and classification of specific signal types, which can be stored in a SIGINT database and then analyzed with software to establish behavior patterns—providing valuable information.
What are the benefits of long-duration, wide-bandwidth, remote SIGINT collection?
Long-duration, wide-bandwidth, remote SIGINT collection involves capturing and analyzing RF signals over an extended period, across a wide frequency range, and from a remote location. The use of high-fidelity recording techniques enables the following benefits:
Every signal captured – Recording over a long period (hours/days) allows every signal to be captured, as analysts do not always know when relevant signals will be transmitted or what signals will be transmitted. Moreover, some transitory and low-power signals are relatively easy to miss or hide, especially Low Probability of Intercept (LPI) signals which require a real-time acquisition and recording system to analyze. However, going through tons of data isn’t helpful either, and that is why detectors and other analytical tools assist SIGINT analysts in quickly finding the “needle in the spectrum haystack.”
Increased coverage – Remote SIGINT collection means that a single SIGINT operator could remotely control over ten stations along a border or operational area from a command suite far away from the threat, over varied network connections with low bandwidth and latency. These operators can use automation and machine learning to schedule collection and then identify target signals more quickly. Remote stations can also be supplemented with SIGINT or EW teams on the ground, who focus their efforts on specific targets of interest.
Greater situational awareness – Long duration, wide bandwidth, and remote collection allows for the collection of continuous, real-time intelligence information, providing greater situational awareness and enabling more effective decision-making.
Enhanced intelligence gathering capabilities – Collecting signals over extended periods allows analysts to identify and monitor patterns of activity and behavior changes that may indicate new threats or opportunities. For example, there are obvious benefits to understanding the enemy’s full primary, alternate, contingency, and emergency (PACE) plan, which can be captured from radars and handheld signals—and it is better to track a herd than a single emitter. This is made possible by collecting and analyzing a wide range of signals over a long duration and from a remote location.
Improved target identification – Wide bandwidth collection enables analysts to identify and classify signals more accurately and efficiently, allowing for more effective target identification through attributing multiple signals of interest to a particular platform.
Enhanced signal collection – Wide bandwidth enables the collection of a wider range of signals, including those with complex modulation and encoding schemes that may be difficult to detect and analyze using narrower bandwidth collection techniques.
Reduced risk – Remote collection techniques allow for collecting intelligence information without putting personnel at risk, reducing the risk of casualties and enabling intelligence collection in dangerous or hostile environments.
Record 24/7 – There is rarely enough manpower to operate intelligence systems, drop-kits, and fiber-enhanced systems 24/7. However, most operating briefs require days’ worth of uninterrupted recording and real-time replay, which is possible with long-duration recording.
Tactical high-fidelity RF recording is critical because this data provides essential information about enemy electronic communications. By collecting and analyzing RF signals, SIGINT analysts can identify and locate communications sources, extract data from intercepted messages, and better understand enemy communication patterns and tactics.