In what reads somewhat like a convoluted detective story, the events unfolding at the Chornobyl Exclusion Zone (CEZ) in Ukraine during late February had the media channels lighting up with chatter about ‘elevated gamma radiation levels’, which showed up on the public CEZ radiation monitoring dashboard for a handful of gamma radiation sensors. This happened right before this reporting system went off-line, leaving outside observers guessing at what was going on. By the time occupying forces had been driven out of the CEZ, the gamma radiation levels were reported as being similar to before the invasion, yet the computer hardware which was part of the monitoring system had vanished along with the occupying forces. After considering many explanations, this left security researchers like [Ruben Santamarta] to consider that the high values had been spoofed.

During the Black Hat event held in August of 2023, [Ruben] presented his reasoning in a series of slides. Much of this comes down to applying Occam’s Razor. The original theory was that driving heavy vehicles around the CEZ caused radioactive dust to get suspended (resuspension) into the air, causing the ten-fold jump in gamma radiation readings, yet as demonstrated by M.D. Wood and colleagues in the Journal of Environmental Radioactivity in September 2023, this is physically impossible, as disturbing even the top 10 cm of soil in which the ¹³⁷Cs isotope is concentrated would not have a meaningful difference in gamma reading. A fact which is also demonstrated with the regular wildfires in the CEZ that cause massive resuspension of ¹³⁷Cs-containing soil, yet which do not lead to massive gamma radiation spikes. Measurements afterwards by the IAEA also confirmed no significant increase in radiation, though widespread damage to the monitoring equipment was reported.

This conclusion then led to other considerations, such as whether electromagnetic interference or even electronic warfare (EW, including jamming) systems could have caused the clearly incorrect data to appear in the reporting system. Yet due to the highly distributed number of elevated sensor readings despite the limited range of EW and similar sources of interference, as well as the very specific increase in reported values on the public-facing dashboard, such a scenario would be essentially impossible.

Shifting the focus to willful manipulation of the values at some level of the system offers a number of interesting options. Spoofing a monitoring station is one option, or if one has access to the server that accumulates the data received from individual monitoring stations, this data can be altered or spoofed at this level.

Although proving anything definitively here is impossible, since all of the forensic data was destroyed by the occupying forces, [Ruben] postulates that either the SkyLINK wireless transmitters were spoofed at these specific locations in the CEZ (possibly after their willful destruction), or the server processing the incoming data was directly manipulated. To what end would be anyone’s guess, since the forensic evidence that existed is gone, and all that is left is conjecture.

What is most telling here, however, is that despite the dual-layered nature of the monitoring system at the CEZ, with the old (wired) and new wireless system, physical violence against monitoring equipment and the single point of failure of a relatively unprotected processing server meant that for weeks nobody knew what was going on inside the CEZ, other than those mysteriously high values on a public dashboard before the system went offline.

Extrapolating this scenario to industrial, natural and other disasters, it’s not hard to see how other environmental sensor networks are equally fragile, with essential information from whichever sensors are still online unable to make it out of the disaster zone due to a lack of redundancy here. Since in many disaster scenarios such sensor information can be essential in planning a rescue or repair mission, hardening an environmental sensor network and adding redundancy at each level can make all the difference in the world. Whether your single-point-of-failure server system was tossed into the back of a military truck or crushed by tons of collapsing building is merely academic in that context.

(Heading image: A monitoring station as set up in the CEZ, featuring both the legacy (ARMS) and new wireless monitoring system.)