Intentional electromagnetic interference

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
Not to be confused with Electromagnetic interference.
Not to be confused with International Mobile Equipment Identity.

Intentional electromagnetic interference (IEMI) is the malicious generation and directed use of electromagnetic energy (EM) to disrupt, degrade, or damage electronic equipment, information systems, or electrically controlled processes. IEMI is a subset of electromagnetic interference (EMI) that is deliberate rather than accidental, and is often discussed within the broader field of high‑power electromagnetics (HPEM).[1][2]

Although IEMI is frequently analyzed alongside Cyber-kinetic attacks because it can produce real‑world physical effects on cyber‑physical systems, it does not require software or network access. By definition, a cyber attack is executed via cyberspace against information systems,[3] whereas IEMI involves analog EM coupling into equipment and cables.[2]

Definition and scope

[edit | edit source]

URSI characterized IEMI as the "intentional malicious generation of electromagnetic energy introducing noise or signals into electric and electronic systems, thus disrupting, confusing or damaging these systems for terrorist or criminal purposes."[2] International standards subsequently placed IEMI within the HPEM domain: IEC 61000‑2‑13 defines representative radiated and conducted HPEM environments for civil facilities (including narrowband high‑power microwave and ultrawideband transients) and provides canonical waveforms for analysis and testing.[4]

IEMI is distinct from naturally occurring disturbances such as Geomagnetic storms and from non‑malicious electromagnetic compatibility (EMC) issues; it is also distinct from nuclear HEMP environments by its localized nature and diverse sources and waveforms.[5]

Threat actors, sources, and coupling mechanisms

[edit | edit source]

Known or hypothesized malicious actors include criminals, terrorists, and state or state‑aligned groups.[2] Practical IEMI sources range from portable UWB or mesoband pulse devices and narrowband high‑power microwave (HPM) systems to lower‑power but disruptive radio‑frequency jammers targeting communications (e.g., GNSS).[6][7]

Coupling paths include (i) radiated coupling through apertures and seams, (ii) conducted coupling via attached cables and power or signal lines, and (iii) near‑field coupling from devices in close proximity.[4] Depending on waveform, exposure level, and target susceptibility, effects range from temporary upset and data corruption to latch‑up, component failure, or permanent damage.[8]

Documented incidents

[edit | edit source]

Open‑source literature shows criminal misuse of EM tools, including interference with security systems, financial equipment, and communications; many incidents are covert and difficult to attribute forensically.[9] Intentional jamming of GPS/GNSS signals has affected civil aviation and maritime operations. For example, the International Civil Aviation Organization (ICAO) reported repeated GNSS interference originating from North Korea that affected international civil aviation and prompted actions by the ICAO Assembly in 2024–2025.[10]

European authorities likewise note antagonistic EM threats to critical services, including the availability of low‑cost jammers and the feasibility of vehicle‑portable HPM sources.[11]

Relevance to critical infrastructure

[edit | edit source]

Electric power systems, telecommunications facilities, transportation, finance, healthcare, and other sectors rely on sensitive electronics and networked control. Analyses for the U.S. Federal Energy Regulatory Commission concluded that HPEM/IEMI environments could upset or damage protection relays, substation controls, and SCADA communications if appropriate hardening is not in place.[6] The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued guidance to help owners and operators plan graded protections for mission‑essential equipment, addressing IEMI alongside HEMP and GMD.[12][13]

Standards and testing

[edit | edit source]

International standards address characterization of threat environments, immunity testing, and facility‑level protection:

  • IEC 61000‑2‑13 – defines radiated and conducted HPEM environments and representative waveforms for civil applications (including applicability to IEMI).[4]
  • IEC 61000‑4‑36:2020 – IEMI immunity test methods for equipment and systems, with guidance on deriving test levels from source parameters (Ed. 2.0).[14]
  • IEC 61000‑4‑23 (radiated) and IEC 61000‑4‑24 (conducted) – test methods for protective elements and devices used against HEMP/IEMI disturbances.[15][16]
  • IEC TS 61000‑5‑10:2017 – installation and mitigation guidance for protecting facilities against HEMP and IEMI (basic EMC publication).[17]
  • IEC 61000‑4‑39:2017 – close‑proximity immunity tests for equipment exposed to radiated fields (9 kHz–6 GHz).[18]

Coupling topologies and protection mapping

[edit | edit source]

The topology of EM coupling informs both testing and hardening. The table summarizes common IEMI coupling paths and links each to representative standards and controls.

Topologies of EM coupling and indicative protection/testing references
Coupling topology Primary paths Representative IEMI sources Representative test references Example mitigation controls
Radiated (far‑field) External apertures, seams, ventilation; unshielded windows; poorly bonded panels Narrowband HPM; wide/ultra‑wideband pulse devices; high‑power communications jammers IEC 61000‑2‑13 (environments); IEC 61000‑4‑36 (IEMI immunity); IEC 61000‑4‑23 (shielding verification)[4][14][15] Building‑level shielding and bonding; electromagnetic zoning; verified enclosure/room shielding effectiveness; filtered penetrations; standoff and siting[17]
Conducted Power feeders; signal/control cables; telecomm and GNSS feeders; long cable runs acting as antennas Conducted injection of HPEM pulses; coupling from nearby HPM/UWB sources into cables IEC 61000‑2‑13 (conducted environments); IEC 61000‑4‑36 (IEMI immunity); IEC 61000‑4‑24 (protective devices/filters)[4][14][16] Surge protective devices and HEMP/IEMI combination filters; properly bonded entry plates; cable shielding, segmentation and routing; ferrites and feedthroughs[17]
Near‑field / close‑proximity Hand‑held EM probes/loops near seams, sensors, or PCB areas; small apertures; poorly shielded devices Localized RF/magnetic injection; EM fault injection (EMFI) against microcontrollers/SoCs IEC 61000‑4‑39 (close‑proximity immunity); IEC 61000‑4‑36 (IEMI immunity); CWE‑1319 (EMFI weakness classification)[18][14][19] Device‑level shielding; sensor and cable hardening; physical access control; microarchitectural countermeasures (timing jitter, redundancy); localized detection/logging[20]

Mitigation and protection

[edit | edit source]

Protection strategies combine architectural, electromagnetic, and operational measures tailored to risk and consequence. Typical controls include:

  • site design and standoff (to reduce field strengths at targets);
  • building‑level shielding and bonding;
  • shielded rooms/racks and electromagnetic zoning;
  • surge protection and HEMP/IEMI filters on penetrations;
  • cable routing, ferrites, and feedthroughs;
  • configuration management to minimize apertures; and
  • monitoring and incident‑response playbooks for suspected EM attacks.[13][17]
[edit | edit source]

International radio regulation prohibits "harmful interference" to safety services and legitimate radiocommunications.[21] Many jurisdictions explicitly ban the sale and use of RF jamming devices; for example, U.S. federal law prohibits operating, marketing, or importing signal jammers, with civil and criminal penalties enforced by the Federal Communications Commission (FCC).[22]

Comparison with software‑based cyber tactics

[edit | edit source]

While IEMI is not a cyber attack, it can create effects analogous to those produced by software‑centric tactics. The table below provides a non‑exhaustive crosswalk for readers of both security and engineering backgrounds.

Analytic crosswalk of software‑centric vs electromagnetic tactics and their consequences
Goal (system effect) Software‑centric method Electromagnetic tactic (IEMI) Typical physical consequences in cyber‑physical systems
Loss of availability Distributed denial of service (DDoS) RF jamming of wireless links (e.g., Wi‑Fi, cellular, GNSS); deliberate interference causing physical‑layer DoS[23][10] Loss of remote control/telemetry, navigation outages and go‑arounds in aviation; degraded timing and situational awareness in ICS and transport.
Integrity violation (false data / unauthorized actuation) False‑data injection; command injection Conducted or radiated EM injection coupling into cables/equipment causing sensor/logic upset or protective relay mis‑operation; HPM/UWB transients per IEC 61000‑2‑13[4]; documented susceptibility of substation controls and relays[6] Erroneous set‑points or trips; spurious alarms; process disruption (e.g., unintended breaker open/close).
Timed/triggered disruption Logic bomb or time‑triggered malware Timed or opportunistic application of HPM/UWB pulses to induce resets, latch‑up, or damage in targeted electronics[24][14] Unplanned shutdowns of controllers; potential component damage depending on exposure.
Bypass controls / escalate privileges Memory corruption (e.g., bit flips), fault attacks Electromagnetic fault injection (EMFI) to induce instruction skips, register/memory bit flips, or timing faults in microcontrollers/SoCs[25][20] Authentication bypass, corrupted control logic, extraction of secrets from embedded devices, safety interlocks defeated.
Note: This crosswalk illustrates parallels in effects. IEMI remains a physical‑EM vector and, unlike software‑borne Cyber-kinetic attacks, does not require access to or exploitation of networked systems.[3]

Relation to other topics

[edit | edit source]
  • IEMI is a deliberate subset of EMI and part of the broader discipline of HPEM.
  • In cyber‑physical contexts, IEMI is often analyzed alongside Cyber-kinetic attacks because of similar real‑world consequences, but it is not a cyber‑sourced attack.[2][3]

See also

[edit | edit source]

References

[edit | edit source]
  1. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
  2. ^ a b c d e Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
  3. ^ a b c Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
  4. ^ a b c d e f Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
  5. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
  6. ^ a b c Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
  7. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
  8. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
  9. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
  10. ^ a b Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
  11. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
  12. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
  13. ^ a b Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
  14. ^ a b c d e Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
  15. ^ a b Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
  16. ^ a b Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
  17. ^ a b c d Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
  18. ^ a b Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
  19. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
  20. ^ a b Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
  21. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
  22. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
  23. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
  24. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
  25. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).

Further reading

[edit | edit source]
  • Radasky, W. A.; Baum, C. E.; Wik, M. W. (2004). "Introduction to High‑Power Electromagnetics (HPEM) and Intentional Electromagnetic Interference (IEMI)". IEEE Transactions on Electromagnetic Compatibility. 46 (3): 314–321. doi:10.1109/TEMC.2004.832961.
  • Sabath, F. (2011). "What can be learned from documented Intentional Electromagnetic Interference (IEMI) attacks?". URSI General Assembly and Scientific Symposium.
  • IEC TR 61000‑1‑5:2004. High power electromagnetic (HPEM) effects on civil systems.
Retrieved from "http://70.231.62.181/index.php?title=Intentional_electromagnetic_interference&oldid=25210430"