What is Intentional Electromagnetic Interference?
Electromagnetic interference (EMI) is all around us, in both natural and man-made forms. EMI is unwanted noise or interference in an electrical path or circuit that is caused by an outside source. EMI can cause electronics to malfunction or to fail. Examples of EMI sources include lightning, solar flares, radio and television broadcasting, radar, and microwave ovens. An emerging cybersecurity threat is intentional electromagnetic interference (IEMI). IEMI is the intentional malicious generation of electromagnetic energy to disrupt, confuse, or damage electronics or electronic systems for criminal or terroristic purposes. IEMI cyberattacks can vary dramatically in size and scope. Examples of IEMI cyberattack types include:
IoT devices. Internet of things (IoT) devices operate at low internal voltages and communicate through low power wireless networks. These devices can be easily disrupted by an IEMI cyberattackers using short, sharp pulses of high voltage/low energy interference using tool that are easy to obtain and readily available1.
HEMP. High altitude electromagnetic pulse (HEMP) is a near-instantaneous electromagnetic energy field that is produced in the atmosphere by the power and radiation of nuclear explosion. This nuclear explosion is damaging to electronic equipment over a very wide area, with damage increasing depending on the power of the nuclear device and the altitude of the burst. This is an incredibly sophisticated and difficult type of IEMI attack.
Broadcast. Broadcast attacks require that the attackers be close enough to a targeted system to disrupt their EM field, but they do not necessarily need to breach the facility. This attack is less effective than a hard-wired attack since the EM field diminishes quickly over distance, but it is easier to carry out than a hard-wired attack.
Hard-wired. Hard-wired IEMI attacks require that the cyberattacker physically connect to the targeted system, which guarantees that the attack will provide pulses strong enough to disrupt the system.
Contactless. A recent study demonstrated that a threat actor could use EMI to inject fake touch points into a touchscreen phone without physically touching it, allowing them to take over remote control and manipulate the underlying device.2 Other contactless attack types include electromagnetic jammers.
Steps to take to reduce system vulnerabilities to emerging IEMI threats include:
- Use proper grounding procedures
- Create space around the perimeter of your facility to keep disruptive devices further away
- Use metal rebar in outside walls, metal mesh in windows, and specialized filtering on cables at their entry points
- Install EMI warning systems
- Use EMI-proof fiber-optic cables instead of copper cables
1 Ivezic, 2018, “Intentional Electromagnetic Interference (IEMI)- the overlooked threat to IoT”
2 Lakshmanan, 2022, “Attackers Can Use Electromagnetic Signals to Control Touchscreens Remotely”