Yes, CISOs should be concerned about the types of data spy balloons can intercept

The Chinese airship that floated over the US and Canada was likely a multipurpose intelligence platform, gathering a variety of information types. It could gather data from corporate, government, or agricultural sources on the ground.

The recent kerfuffle surrounding the Chinese surveillance balloon that sailed above Canada and the United States before meeting its demise off the southeastern coast of the United States has tongues wagging and heads scratching in equal measure.

While some may write this off as geopolitical shenanigans by China and nothing to fret about, I submit that it is emblematic of a nation-state using all resources available to acquire pieces of information and fill in the blanks on the mosaic they are building about a potential adversarial nation.

The physical threat posed by this balloon and the collection platform that dangled below it was negligible unless the balloon fell from the sky and landed in a populated area. It did not. When it met its demise, it was shot down by a US F-22 Raptor and fell into US territorial waters off the coast of South Carolina.

But what of the technological threat posed by the Chinese collection platform floating overhead at 50,000 to 60,000 feet? What type of intelligence could the platform be attempting to collect? Should CISOs care? Or is it no big deal?

The multiple INTs of intelligence gathering

GEOINT (geospatial intelligence)

The topic seized upon by many in the media — the ability to document the land below from 60,000 feet in high definition — is, in my opinion, the least threatening of all the potential collection opportunities presented by the Chinese balloon.

Open-source intelligence already allows the harvesting of building permits, the norm for tracking the expansion plans of competitors, and includes the ability to attend or monitor community discussions about the pros and cons of a new industrial park. Photos from above might give the watcher something of an additional vantage point. On the other hand, we do know China is involved in agricultural intelligence.

Given that its economic espionage has targeted both US rice and corn in the past, perhaps the overflight was more strategic and was surveying which areas of the US could be acquired as part of the Chinese farm acquisition program, and by extension, which companies to target to ensure that program’s success.

ELINT (electronic intelligence)

Here is an area that could be of concern to CISOs in many industries. What telemetry is being shared by commercial vehicles in the air or on the ground that can be captured by the equipment on the balloon?

What command and control signals from below to above can be intercepted? What tests were being conducted in the different areas over which the balloon passed? We know that at the very least it passed in proximity to multiple national laboratories. We won’t know the answers to those questions unless the US government chooses to share its findings about the balloon’s capabilities—if it chooses to do so at all.

MASINT (measurement and signature intelligence)

Perhaps the least discussed of the intelligence collection specialties, MASINT is potentially among the most informative.

The platform passed through rainclouds and airstreams from which it could have been sampling gases, vapours, dust, and fibres in the air in an attempt to identify locations where certain types of research may be conducted, where industry is active in sensitive production, or where military exercises are taking place—all of which would exude a measurable effluence into the air.

One must remember that energy is a national imperative; the balloon’s flight over Idaho quite likely signifies an interest in what was happening at the Idaho National Laboratory, arguably the nation’s premier electricity research facility.

SIGINT (signals intelligence)

The slow float from Idaho over the Midwest and through South Carolina gave the platform ample opportunity to sample the entire radio spectrum, cataloging signals from publicly available networks to those of closed corporate networks. Civilian and military aviation would also have been included.

Surveillance or political maneuvering?

There you have it. Nation-states will collect intelligence to further their knowledge of rivals and a large part of that intelligence will come from private corporations.

The fact that China chose this particular time to do so is indicative of its desire to place the United States, if it could, in a weakened position ahead of a planned visit to China by US Secretary of State Antony Blinken. The United States didn’t take the bait: it postponed the visit indefinitely and sent a demarche to the government of China.

The “sources tell us” snippets from the mainstream media note that the United States purposefully allowed the balloon and its collection platform to continue its mission and to receive navigational commands but jammed the transmission of non-navigational signals.

Thus, it is probable that the Chinese tried to issue a destruct command (not unlike the one any CISO can issue for a lost iPhone) but were unable to do so due to US countermeasures. Regardless of the outcome of that technological duel in the sky, the containers will provide valuable intelligence.

The containers are no doubt being collected from the sea floor and will be dissected to determine the mission of this airship—GEOINT, ELINT, MASINT, and SIGINT are all likely to be found.

Will the US give the balloon back?

Yes, probably in the same manner that China returned a US Navy EP-3E ARIES II plane which made an emergency landing on April 1, 2001, at Hainan Island. The US Navy plane had been in a collision with a Chinese J8 fighter and had to make an emergency landing.

While the crew attempted an emergency destruct during the minutes post-collision, they were unable to destroy all classified materials. The Chinese used this as an intelligence-gathering exercise to learn about and verify the capabilities of the aircraft and its surveillance mission package prior to its return to the United States (the disassembled aircraft was released on July 3, 2001).

Will the US government share what was found? Probably a little bit, especially if they return the collection platform to China in the same manner that the Chinese returned the EP-3E—in pieces.


