Since Iran put what is most likely a real American RQ-170 Sentinel Drone on display it seems that a cottage industry has emerged of folks who try to explain how the bat-winged spy in the sky was brought down. These theories fall into what seems like four distinct categories, and all have a handful of facts or cursory logic behind them that help their argument, although some have much more than others. You can go to lots of forums, blogs or news sites to get long interpretations of what could have happened, but what I would like to do is distill down the four major theories and discuss the basic logic behind them.
THEORY #1: Iran Alone Had A Direct Role In Downing The RQ-170
This theory is of course supported heavily by the Iranians and is the most complex to evaluate due to an almost unlimited number of variables associated with it. Since the drone “went missing” there has been an avalanche-sized PR blitz by the Iranians attempting to claim that the downing of the drone was due to their single-handed ingenuity and advanced technological capabilities. Their number one argument in explaining their version of events comes in the form of the RQ-170 that they showed the world in a spectacularly odd fashion on December 8th. The Iranians went a step further than just saying that they shot the object out of the sky or jammed it into confusion. No, they actually posit that they commandeered the aircraft in real-time, locating it, jamming its GPS receivers and communications links, in effect forcing it into autopilot, and then somehow tricking it into thinking it was back home at Shindand AB. Then, according to their story, their plan paid off by tricking the aircraft into automatically landing because it thought it was home. Because of the slight differences in elevation and terrain between its landing point and its home base, the Iranians argue that the drone made a hard landing, which caused the damage to the airframe that we see and the damage that we were not allowed to see. Quite the yarn, a humanless hijacking of sorts. Could this have been possible? Is it true? The answer appears to be possibly yes, but extremely unlikely.
It is natural for our brains to constantly crave solid, clearly defined answers to complex problems or mysteries that we are presented with. The problem is that sometimes the truth is simply not that simple. So what we end up with are a series of puzzle pieces that are thrown out there and it is our job to see if those pieces complete the puzzle picture or if those who threw the puzzle pieces at us are in fact not giving us the correct pieces needed to complete the puzzle. Never has this been truer than regarding the Iranians’ claims as to their drone catching operations. Let’s go through some factors that would have had to have been part of such an operation and discuss their validity:
1.) Iran had to know where the drone was going to be in time and space in order to pull this off. Just waiting in the desert for an invisible flying wing to somehow be spotted is not going to make this operation possible for the Iranians. So at least one of three things had to be true:
a.) Iran is able to detect the RQ-170 through radar or electronic support measures / electronic intelligence gathering gear. No aircraft is invisible to radar. It would make sense that if the RQ-170 got close enough to a modern air defense radar system it would show up, maybe not strongly enough to guide weapons onto it, but its presence could possibly be detected. On the passive side of things, Iran does have some modern ESM/ELINT systems, notably the recent delivery from Russia of the “Avtobaza” Jamming and ELINT system. If the RQ-170 was actively streaming navigational data, video, or other surveillance information up to satellites or over the horizon to a battlefield connectivity node, it may be possible that it could have been detected, at which point radars could focus on its general location in order to try to track it. It would be logical that the RQ-170 uses a low probability of intercept data link system, but nobody is certain of this or of how vulnerable it is to detection. Another way that Iran may have known that an RQ-170 was operating in its airspace is by utilizing old-fashioned spotters around the airfields at which the drones reside. Although this is very superficial information, at least it would give Iran an early warning that one is in fact out there somewhere, during a given period of time.
b.) A trap would have most likely been set. If this was a real “operation” instead of some sort of luck by the Iranians, it would make sense that you would pick a spot of high interest to western intelligence services and create an event, or an information leak, that would draw in the asset within a reasonable amount of time. There have been some strange goings-on when it comes to events around key sites in Iran; the recent blast at the nuclear research station in Isfahan comes to mind first. Once you have your trap set you can concentrate all your specific gear and manpower related to the operation in one place, otherwise aimlessly searching for the Sentinel really is a needle in a haystack proposition.
c.) If the RQ-170 flies over into Iran often, maybe the Iranians have tracked its general route and flight patterns. This tactic would be based on the Serbian model that led to the downing of the F-117 Nighthawk, known as “Vega31,” during the air campaign over Yugoslavia in 1999. Serbian radar operators had realized that F-117s were using a common escape corridor after attacking targets over Belgrade. Stealth airframes are not invisible to radar and are really optimized to redirect or absorb certain radar frequency bands. Knowing this, operators were able to modulate their radars at longer wavelengths than normal, and by doing so they were able to detect, target, and engage “Vega31” with an SA-3 “Goa” surface to air missile (SAM). So although unlikely, it is possible that Iran decided to set up their trap along a known RQ-170 route, particularly where air defenses are not present. The sparse Kashmar area, loosely located between Shindand AB and the Tehran area of Iran, where Iran claimed the aircraft went down, may have been a logical location to set this trap. Further, they may have realized that the drone does not go into stealth mode, where it stops transmitting and pulls in any external antennas, until it gets closer to known threat areas, thus making it more vulnerable. This tactic is of much interest as it had worked before for the Serbs, and the Iranian military are no dummies; they may have sought to emulate this proven method.
Now it comes down to the how and what of the “Iranian intervention” theory. If Iran had any part in the downing of this drone, this first theory would be proven valid. Further, a mix of variables could have helped lead to the RQ-170’s demise; it does not necessarily have to be all or nothing. For instance, if Iran jammed the drone’s GPS, maybe it caused an error in the software that made it crash when all Iran was trying to do was to deter the machine from its airspace. Or, possibly Iran was able to lock the drone up and shot a SAM at it, which exploded nearby and suffocated its engine, which caused the aircraft to descend down to earth unpowered. There are lots of potential possibilities that do not have to do with high-tech cyber warfare or elaborate planning, although they would have been more a matter of chance and less likely to have resulted in the current situation where the aircraft made it back to earth largely intact. So even a very simple intervention by the Iranians could have ended up causing such a loss.
Now let’s look at the Iranians’ story and see if it really adds up:
Iran said it jammed the Sentinel’s communications data link and spoofed the drone’s GPS receiver. This has been talked about on end around the net. The problem is that the Sentinel most certainly uses encrypted defense GPS frequencies as well as encrypted low probability of intercept communications. Further, both these receivers are located in a somewhat shielded location above the wing, which may make them harder to jam or spoof from ground stations. Nonetheless, let’s say the data link was jammed and the aircraft was in default autopilot mode where it either would circle or head back to base. Now the Iranians would have had to heavily jam or break the military grade GPS encryption in order to spoof the GPS receiver to make the drone think it was home. There are two MAJOR problems with this. First, the aircraft’s navigational brain primarily relies on an inertial navigation system (INS) as we talked about a week ago. This system uses gyros to tell it where it is in time and space since it first started moving. The GPS is embedded into the INS system in such a way that it checks the INS and accounts for inaccuracies like drift that the INS is not as capable of detecting. If for some reason all of a sudden the encrypted military GPS bands were scrambled, maybe the aircraft would switch to the much more vulnerable commercial GPS band. But even if the Iranians tried to send the drone false GPS coordinates in an attempt to make the drone think it was home, the INS system would totally recognize that the GPS is now on a vulnerable band, and thus lower its priority in the command logic. Further, if the spoofed GPS data was immediately widely different from what the INS reports, the system’s software would then throw out all GPS data entirely and continue on its way relying on its INS alone.
Even disposable munitions such as the JDAM series of GPS guided bombs have anti-jam, anti-spoofing filters built in, and they too can fall back on an INS system if the GPS reception or data is just too corrupt to use.
The only other possibility, which was brought to my attention by an intelligent aviationintel reader, was what if very small inaccuracies were fed into the GPS over a long period of time, thus skewing its flight plan over a great distance. This could possibly keep the GPS data from being totally thrown out by the INS system. This sounds like it may be possible, but the amount of time and precision required to selectively jam the Sentinel’s receivers and to introduce such small deviations in coordinates into the system in order to make the drone’s navigational brain think it was home when it was really still deep over Iranian airspace is stretching the realm of possibility and frankly it is beyond my conceptual knowledge at this point. I will open this idea up to my readership for further debate.
It seems that there was no real hacking involved in the plot as the Iranians have described it. The operation did apparently involve jamming and spoofing of navigational signals, but no direct “commands” were given to the UAV via hacking into its command protocols. The key part of the mission seems to have been making the drone think it was home and to “auto land” on its own since it was out of communications with handlers via a supposed jammed data link. I find this part of the story totally suspect. All UAVs currently in inventory “hand off” terminal guidance to a ground station in theatre. This is a line of sight system that basically handles launch and recovery control of the drone in the airspace surrounding its home airfield, also known as the “Launch & Recovery Element” or LRE. Depending on the aircraft’s altitude, line of sight connectivity can be made hundreds of miles away from the drone’s home base. From here the LRE can work with air traffic controllers to clear the drone for recovery. The idea that it just comes home unannounced and enters a traffic pattern to land sounds ridiculous and it could put many lives in danger doing so. Either the Iranians had to have somehow known that this odd protocol was in place, or they just got very lucky when it happened. I just doubt that there is such a capability programmed into the drone by default without commanding it to do so directly.
Finally, why would the Iranians think that just because the aircraft’s GPS and communications were jammed and its location spoofed that it would decide to land automatically? If the Iranians’ manipulation did somehow awaken a glitch in the software and a latent test mode or something caused it to execute a controlled off-field landing, I highly doubt they expected this. BUT, if Iran had inside knowledge of the RQ-170’s systems architecture, especially information regarding its default protocols and autopilot, or were able to replicate the line of sight LRE, maybe they could have known that this would happen. Or if they had detailed knowledge of the RQ-170’s landing practices, and associated LRE hardware, they could have possibly emulated a command, acting as the LRE that instructed the drone that it was cleared to land and to proceed automatically. This changes the story and seems to go beyond what the Iranians are currently claiming, although the possibility that the Iranians recreated or emulated an LRE and its encrypted (hopefully!) commands does add some relevance to the story, but it also complicates their task and story considerably.
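To make the two cases above concrete (a sudden jump in the GPS position versus small inaccuracies fed in over time), here is an added example that is not part of the original post and is not a model of the RQ-170’s actual navigation software. It is a one-dimensional INS/GPS blend with a disagreement gate, plus a CUSUM check on the accepted corrections; every constant (speed, drift, gate, gain, thresholds, spoof profiles) is a constructed assumption.

```python
import random

# All values below are constructed for illustration, not taken from any real system.
DT = 1.0          # seconds per navigation step
V_TRUE = 100.0    # m/s, true ground speed along one axis
INS_BIAS = 0.05   # m/s velocity error, stands in for INS drift
GPS_SIGMA = 3.0   # m, noise on each GPS fix
GAIN = 0.2        # fraction of an accepted GPS/INS disagreement applied as correction
GATE = 50.0       # m, a fix that disagrees with the INS by more than this is thrown out
CUSUM_K = 3.0     # m, per-step slack allowed before disagreement starts to accumulate
CUSUM_H = 40.0    # m, accumulated disagreement that raises the alarm
SPOOF_START = 60  # step at which the false signal begins


def clean(t):
    """No spoofing."""
    return 0.0


def abrupt(t):
    """False position jumps 5 km at once."""
    return 5000.0 if t >= SPOOF_START else 0.0


def slow(t):
    """False position walks away at 2 m per step."""
    return 2.0 * max(0, t - SPOOF_START)


def simulate(spoof_offset, steps=300, coast_on_alarm=False, seed=1):
    """Run the blend and report gate rejections, alarm step and final position error."""
    rng = random.Random(seed)
    truth = est = 0.0
    s_pos = s_neg = 0.0      # one-sided CUSUM accumulators
    rejected = 0
    alarm_at = None
    for t in range(steps):
        truth += V_TRUE * DT
        est += (V_TRUE + INS_BIAS) * DT          # INS dead reckoning
        if coast_on_alarm and alarm_at is not None:
            continue                             # GPS distrusted: INS only
        gps = truth + spoof_offset(t) + rng.gauss(0.0, GPS_SIGMA)
        innovation = gps - est                   # GPS/INS disagreement
        if abs(innovation) > GATE:
            rejected += 1                        # "widely different": ignore the fix
            continue
        est += GAIN * innovation                 # GPS trims the INS drift
        # A small disagreement that keeps the same sign adds up here.
        s_pos = max(0.0, s_pos + innovation - CUSUM_K)
        s_neg = max(0.0, s_neg - innovation - CUSUM_K)
        if alarm_at is None and max(s_pos, s_neg) > CUSUM_H:
            alarm_at = t
    return {"rejected": rejected, "alarm_at": alarm_at, "error_m": est - truth}


if __name__ == "__main__":
    for name, profile in (("clean", clean), ("abrupt", abrupt), ("slow", slow)):
        print(name, simulate(profile))
    print("slow, coasting after alarm", simulate(slow, coast_on_alarm=True))
```

In this toy model the abrupt jump is rejected on every step and the estimate coasts on the INS, while the slow walk passes the gate and drags the estimate hundreds of metres unless the accumulated-disagreement check is used to drop GPS.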
I think what we have with the “Iran alone had a direct role in downing the RQ-170” theory is a mixed bag. It is well-known that American drones are possibly susceptible to jamming and spoofing, as a recently released (or leaked) USAF Scientific Advisory Board document lays out. But considering the sensitivity of the drone in question and the missions it was designed to execute, I think it would be exceptionally poor engineering by the Skunk Works folks if this thing was not more hardened against such electronic assaults than say a standard Predator drone. Overall it sure seems like Iran’s detailed account of how they took the RQ-170 down may be a story built in reverse. A string of conceptual possibilities built to explain to the media with great pride how this was done, but it lacks many key elements and leaves more questions hanging than it really answers.
That is not to say that Iran did not try to bring the drone down if it could track it via ESM/ELINT systems in correlation with search radars being operated at lower than normal frequencies. But without detailed information in their hands as to how exactly the secret drone would react under these conditions there would be simply too much guess-work to actually attempt such a feat with any certainty that the drone would actually land relatively intact, or allow itself to be manipulated at all. Further, this type of theory would only be possible if the RQ-170 was indeed a disposable asset that uses common parts and the operating procedures of its much less invisible drone cousins. In addition, if Iran pulled this off alone, in the exact way they described, why on earth are they telling everyone about it? Isn’t their story more effective by just saying nothing and showing the surprisingly intact article as proof? Don’t they want to utilize this capability in the future?
Overall I believe there is a high probability that Iran’s story as they describe it is false, and just like they pieced the RQ-170 back together before displaying it, the tale they tell is cobbled together with crude connecting joints and its belly is covered by propaganda flags and camo netting. Although it sounds good conceptually at first glance, the pieces simply do not fit well enough together.
THEORY #2: Iran Had Direct Help From Another Nation To Down The RQ-170
This is a fairly simple idea. It takes the scenario above and adds the technical expertise of China or Russia into the mix in order to help explain how this was accomplished. Frankly put, there are some serious incentives, especially for China, to get their hands on an RQ-170 even if it is not the absolute cutting edge in stealth airframe design. China sees UAVs as a serious part of their strategic future. They are hard at work trying to design aircraft similar to America’s MQ-9 and RQ-4 UAVs. They are especially interested in over the horizon targeting in the marine environment to support their anti-ship ballistic missile program. An RQ-170 could provide the “missing link” in UAV technology that they so desperately need. Further, China is known for their electronic espionage, especially when it comes to military technology. Various accounts of Lockheed’s and other defense contractors’ servers being hacked into and large swathes of data being stolen have surfaced on numerous occasions over the last decade or so. Design documents pertaining to the F-35 program and others were said to have been looted. Who is to say that information on the RQ-170 or other drone programs from other manufacturers has not been stolen and exploited by the Chinese? Maybe some of this information gave them the keys to the RQ-170’s proverbial castle? It’s speculative, but it may have been possible.
The malware type of infection that infested drone cockpit stations at Creech AFB (the epicenter of USAF drone control just north of Las Vegas, Nevada) made national news. To the USAF it was a big question mark as to what exactly the virus was and where it came from, but it was said to have had key logging and credential stealing attributes, and when USAF’s techs tried to wipe it from their drives it mysteriously would pop back up. Although this is not a smoking gun that tells us that USAF drone operations have been compromised, it is an outright example that even America’s premier operational drone control post is not totally safe from cyber threats, not by a long shot.
China or even Russia could have identified the RQ-170 as the most advanced unmanned weapon system in known existence and set their sights on acquiring one. Iran could have paired with another country, combining all their espionage and technological know-how behind a single mission to snatch a stealth US drone that was considered somewhat “fair game” as it would be caught while violating another country’s sovereign airspace. This joining of forces would make the story as it is told by the Iranians much more believable. Motive wise, Iran had the access and some previous drone wreckage, and China or Russia had the technological means to possibly set an effective trap; they just needed to be in a place where the victim of their intended trap would be operating. That would be Iran’s nuclear sites. By reverse engineering past crashed drones and hacking into as many relevant DoD and manufacturer related servers as possible to gain information, together they may have been able to put a comprehensive picture together of how the Sentinel operates and in turn how to commandeer one and bring it down somewhat intact.
The technological payday for a country like China would be massive, as they would be able to reverse engineer (something they are masters at) one of America’s latest and greatest unmanned super stars, while Iran would be able to execute a massive propaganda campaign and disrupt the constant American spy flights over their sensitive nuclear sites. All this could be had without any chance of real retaliation from the US. Years ago when conventional drones started falling in the skies above Iran they very well may have gone shopping their value, and once the Sentinel came on the scene it was just a no brainer for both parties to try to capture it. Sometimes working together just makes sense, and in this case it sure does…
Some will be hurt that I don’t think Iran could have done this all by themselves. I have said it over and over again, do not underestimate the Iranians. I realize it could be possible, but it is just not at all probable. When you put the vast resources and unabashed appetite for western cutting edge technology that a country like China has behind such a mission, the whole thing is just much more plausible…
THEORY #3: The Drone Was A US “Trojan Horse”
Frankly I am amazed with how much email I received and how many postings exist on the net explaining this event as a US espionage operation that was executed on purpose to accomplish one or many of the following goals:
-It was meant to ignite an armed conflict between Iran and the US. In this scenario for some reason the US wants to get involved in another war in a region that we have been bogged down in for a decade, not over nuclear weapons but over a little drone? Wouldn’t we have blown it up then to start something like this? I really don’t think this is on the Obama Administration’s docket folks.
-We sent the drone so that the Iranians, and whoever else is involved or will be sold the carcass of the RQ-170, would spend lots of manpower reverse engineering a dead-end group of technologies packed inside. I really don’t think the Iranians or the Chinese are stupid enough not to realize that a fiberglass drone with a cruise missile motor packed inside and some archaic autopilot systems is some sort of a ruse. Plus, when they recreate its shape and test its radar cross-section and it shows up as a MiG-21 in size the ruse would be over. Further, Iran and China have large indigenous aircraft engineering and design apparatuses. China’s is just massive and really quite advanced. A bit of reverse engineering on a little drone is not going to break the R&D budgets of either country.
-The drone was crashed into the Iranian countryside to inject a deadly virus into the computer systems of the Iranians and whoever else will evaluate the drone. Out of all the ideas this makes the most sense, but surely after the Iranians’ experience with the Stuxnet virus that infected machinery that was critical to their uranium enrichment program, they would take great measures to quarantine and “wash” any data that is removed from the RQ-170’s computer systems.
-Lots of talk from different posters about the drone being used as a tracking device to lead America to new super secret nuclear bases that we are currently not aware of. This is really preposterous. Why would the Iranians need to hide the drone at a nuclear base? This thing will end up at Esfahan Air Base (also written as Isfahan) where engineers from Esfahan University, Iran’s leading institution for UAV development, can dissect it. Further, Esfahan is also the site where Iran’s Tomcat fleet has been kept running against all odds. In other words, if something is not indigenous but needs to be understood or kept flying, it goes to Esfahan. Esfahan is also home to Iran’s rocket and nuclear program, so this place is truly the epicenter of Iranian military knowledge. On a side note, Esfahan AB is close to the nuclear site where there was the aforementioned explosion on November 28th. This would have been the ideal trap for the Sentinel as we discussed. Another explosion was apparently reported at the air base on the same day. In conclusion I really don’t see how a tracking device, even if the US could make it undetectable, is really important enough to cause such an international incident when we already know pretty well where the Sentinel’s new owners will be sending it for evaluation. I will do a post on the importance of Esfahan later to discuss it in depth.
I just don’t see any motivation for the US to pull such an outlandish stunt as crashing a drone into another country’s sovereign territory so that some elaborate plot of worthless reverse engineering, computer virus implantation, or secret base discovery could be executed. Lots of people are saying this but they have simply no evidence or logic behind it to back it up. Although as I stated at the beginning of this piece, I want to showcase every theory for my readers and this certainly has been a popular one amongst some folks!
THEORY #4: The Sentinel Crashed Due To Mechanical or Software Failure
Machines, like their human designers and fabricators, are imperfect. People fail and so do aerospace systems. Especially when you are talking about an asset that was clearly designed clandestinely, using leading edge fabrication techniques that would get these drones out in the field faster and cheaper than ever before. We have talked about the mechanical failure possibilities to a great extent, mainly the loss of a motor over hostile territory or other critical mechanical system. We have also talked about software and how one tiny glitch in the thousands of lines of code that make up the programming for such a machine can lead to a massive cascading effect of failures.
You simply cannot test for every possible scenario and variable under every possible condition, and sometimes the unforeseen happens. This is especially true with software. We discussed in an earlier post the example of the F-22s that lost all navigation equipment high above the Pacific after crossing the international dateline, all due to a simple unforeseen software glitch. Further, we discussed the possibility of a latent test and training protocol that would tell the drone to attempt to land as safely as possible so that whatever catastrophic problem that required it to do so could be evaluated and fixed, as smoking holes leave little evidence for engineers to diagnose! Further, we have even seen a video of the fragile, glider like RQ-4 Global Hawk fall tens of thousands of feet to its destruction, only to break into a few parts with no resulting fireball. The sometimes uncanny hand of physics can do some wild things! Further, when you talk about super strong yet very light polymers and carbon fiber airframe construction you just have a different dynamic than when a traditional aircraft plows into the dirt. We even have reports from sources within the DoD, aired by mainstream news sources, that have said that the Sentinel had a malfunction and crash landed. They say it subsequently sat for days without being molested. Once the Iranians had finally found it they trucked off the three or so major sections that the aircraft broke into on impact, dissected it, painted it and put it back together for all to see. This answers some of my final reservations as to its authenticity, including the painted on appearance of the access hatch above the jet intake as well as the saw marks visible in that same area.
Even a small drone like the RQ-170, although it appears very simple on the outside, is an incredibly complex flying machine on the inside. Even the Predator drones are not the simple toys they appear to be. The fly-by-wire system alone requires solid data from its air sensors to enact thousands of commands a second in order to keep the aircraft pointed straight instead of throwing itself into a death spiral. And being that this is a high value, low density asset (we don’t have a lot of them) there simply would not be the massive amount of hours built up over time to ensure that the system was extremely sound. That is why I believe the geniuses over at Lockheed Skunk Works built these drones to be semi expendable. They weighed the reward against the risks and came up with the Sentinel as a common sense stealth UAV that could actually be used on high risk missions without great fear that all of America’s stealth secrets would be lost if the aircraft did not return home as expected.
It may come down to the whole “Ockham’s Razor” type of reasoning. Sometimes a crashed plane is just that, a crashed plane. We lose military aircraft every year. Many of them have been flying with our forces for decades and decades and the DoD has their operations and maintenance down to a science. Even with all that performance data available these well-known systems still do fail and sometimes in spectacular and unexpected ways. Why is the RQ-170 any different?
So there are the four theories as to what happened to the doomed RQ-170 Sentinel. I hope you enjoyed this very detailed report! Now I want to hear from you, what do you think happened and why? Am I missing any key theories or points here? I love to be proven wrong so let the discussion begin!