Wednesday, October 22, 2025

[2510.14367] A 2-bit Ku-band Digital Metasurface with Infinitely Scalable Capability

Element structure:(a) RF-DC separation architecture topology; (b) RF part top view; (c) RF part bottom view.

[2510.14367] A 2-bit Ku-band Digital Metasurface with Infinitely Scalable Capability

“A 2‑bit Ku‑band Digital Metasurface with Infinitely Scalable Capability” (Zon X., Shi H., Yang F., Liu Y., Xu S., Li M., Oct 2025) (arXiv


A new digital-metasurface milestone

The recent pre-print by Xiaocun Zon, Hao Shi, Fan Yang, Yong Liu, Shenheng Xu and Maokun Li reports a 2-bit digital metasurface operating in the Ku-band (roughly 12–18 GHz) with an architecture they call “infinitely scalable capability”. (arXiv)

In plain terms, the device:

  • Provides dual-polarization control (X- and Y-polarization) via a 2-bit coding scheme of its meta-atoms. (arXiv)

  • Implements a novel RF-DC separation architecture: the RF metasurface layer and the DC-control circuitry are placed on separate printed circuit boards (PCBs) and interconnected via cascading pins, thereby reducing the complex DC routing issues that normally hamper very large 2-bit metasurface arrays. (arXiv)

  • Demonstrates a fabricated prototype sized “4 × 16 × 16” (i.e., four panels each of 16 × 16 elements?) that achieved a measured gain of 28.3 dB and an aperture efficiency of 21.02 %. (arXiv)

  • Claims “theoretically unlimited two-dimensional array expansion” thanks to the modular cascading architecture. (arXiv)

  • Positions itself for applications in long-distance communication and radar detection in the Ku-band. (arXiv)

This is notable because while digital (coded) metasurfaces have been studied for beam-steering, RCS-reduction, communications, and generally in lower microwave bands, the combination of 2-bit coding, Ku-band operation, dual-polarisation control and a genuinely scalable architecture marks a step-change.

Next we place this development in context of the three performance domains of interest: SAR imaging, Doppler radar (motion measurement) and digital communications (waveform/bit transmission) and analyse how such a metasurface might impact them.


Performance analysis: SAR radar, Doppler radar and digital communications

SAR radar implications

Synthetic Aperture Radar (SAR) systems typically operate in bands such as X, C, L, S, and increasingly Ku for high-resolution imaging. A metasurface with Ku-band operation and high gain opens new possibilities for compact, steerable reflectors, adaptive apertures and beam-forming surfaces for SAR.

Key performance attributes:

  • The prototype achieved a gain of 28.3 dB and an aperture efficiency of ~21 %. The efficiency is modest — many conventional antenna arrays offer higher efficiency — but given the metasurface’s reconfigurability and dual-polarisation, this is promising.

  • Because the metasurface is digitally coded (2-bit states), one might envisage beam-steering capability or dynamic reconfiguration of the aperture phase distribution, which is valuable for SAR applications (for instance to shape the beam, steer the look angle, modify sidelobes).

  • The infinitely-scalable architecture means one could build very large apertures by tiling modules. For SAR imaging, a larger aperture improves azimuth resolution or allows shorter mission times (for spaceborne) or higher swath speeds (for airborne).

  • Dual polarisation enhances target discrimination, polarimetric SAR (PolSAR) capability, which is valuable for classification of surfaces, vegetation, infrastructure.

  • Challenges still remain: aperture efficiency of 21 % is rather low for critical imaging; also, metasurfaces may introduce additional scattering, losses, and their dynamic reconfiguration might compromise signal stability or calibration. For SAR, consistent phase stability and calibration over large arrays is key.

  • In terms of resolution trade-offs: Higher frequency (Ku rather than e.g., L-band) means finer resolution (because λ is smaller) but at the cost of shorter range and higher atmospheric attenuation. A digitally-coded metasurface may be used as a steerable reflector rather than transmitter/receiver, enabling alternative architectures (e.g., passive reflectors).

Thus, while the paper does not itself report a full SAR demonstration, the technology is relevant: a scalable Ku-band metasurface could serve as a novel aperture, steerable reflector or part of an adaptive antenna system for SAR platforms.

Doppler radar / motion measurement

Doppler radar focuses on velocity and motion signature via frequency shifts of reflected signals. Micro-Doppler (vibrations or rotations) is gaining importance. How might this 2-bit Ku-band metasurface relate?

  • The metasurface’s digital states allow reconfigurable phase and amplitude responses. That means the reflected beam direction, polarization, and possibly even RCS (for a given target) can be modified dynamically. For a Doppler radar, being able to alter beam characteristics dynamically could help in clutter suppression, angle-gating, or adaptive targeting.

  • In a radar system that uses a metasurface as an active reflector (or re-radiator), the control of reflection phase means one could modulate the effective Doppler signature of a target reflector—but that is more speculative.

  • The high frequency (Ku-band) means faster Doppler sampling (higher unambiguous velocity) and better resolution of micro-motions (since wavelength is smaller). Thus a Ku-band metasurface could support a radar system with enhanced sensitivity to small motions, provided the rest of the radar chain is built accordingly.

  • On the flip side, metasurfaces may introduce additional latency or phase noise because switching states (PIN diodes, DC control) might introduce jitter or switching transitions which degrade coherent Doppler measurement. For accurate Doppler processing, the stability of the reflection phase and amplitude is critical.

  • Finally, if the metasurface is large and forms part of an array, inertia (thermal drift, mechanical stability) may affect Doppler measurement stability over time; this is more a systems-engineering matter.

In sum: while the metasurface is not specifically optimized for Doppler radar in the paper, the architecture offers a path toward beam agile or adaptive radar apertures, which can enhance Doppler radar systems when integrated carefully.

Digital communications performance

This is perhaps the domain with the most direct relevance: digital metasurfaces have been studied for communications (programmable wavefront shaping, beam‐steering, reconfigurable antennas, RIS for 6G) and the 2-bit Ku-band metasurface offers direct communications implications.

Performance considerations:

  • The 2-bit coding means each meta-atom has four discrete states (00, 01, 10, 11) with differing phase/amplitude/polarization responses. This enables the metasurface to encode information spatially (beam direction changes), polarisation changes, or to multiplex channels.

  • Ku-band is widely used for satellite communications, radar, terrestrial fixed links; a programmable metasurface in that band could be used for high-speed beam-steering, adaptive links, or reconfigurable reflectors that support communications links.

  • The “infinitely scalable” array means one could build large-aperture reconfigurable reflectors to steer, redirect or shape beams dynamically, which is valuable for communications (e.g., dynamically redirecting a link, forming multi-user beams, or implementing reflect-repeater functions).

  • The dual polarisation capability enables additional communication channels (polarisation-division multiplexing).

  • However, to assess actual communications performance you look at metrics like bit error rate (BER), throughput, latency, link budget, fading resilience. The paper currently does not report these metrics (it is more focused on gain/efficiency/scalability). So while the hardware is promising, further work is needed to validate communication-bit performance.

  • In RIS/ISAC (integrated sensing and communications) work, digital metasurfaces have been used to shape waveforms, control scattering, and create multi-channel links. For example, a paper in National Science Review by Jun Chen et al. explores space-frequency-polarization-division multiplexed wireless communications using a digital coding metasurface. (dds.sciengine.com) Thus the community is already moving toward metasurface-enabled communications.

  • A key trade-off is switching speed and control latency: for communications links you need rapid state switching (to track mobility, beam-hop) and low insertion/phase loss. The prototype’s aperture efficiency (21 %) suggests modest losses, which might impact link margin in communications.

  • Another trade-off: with more meta-atoms and more states (beyond 2-bit) you could increase granularity of beam steering, but control complexity (DC routing, switching network) increases — the architectural innovation of RF-DC separation helps reduce that complexity.

Thus, the paper’s metasurface offers a promising building block for advanced communications systems (especially high-frequency links) and supports the broader trend of reconfigurable intelligent surfaces (RIS) and digital metasurfaces in 6G/ISAC scenarios.


Why this matters — from research to systems

From a broader perspective, this advancement is significant for several reasons:

  • Scalability: One of the key limitations of large metasurfaces has been the DC control network (wiring, routing, switching overhead) when moving to many elements and multiple states per element (e.g., 2-bit). By decoupling the RF metasurface from the DC control board, the authors claim “infinitely scalable” two-dimensional tiling. That opens the path to very large apertures at Ku-band with reasonable manufacturing and assembly overhead.

  • Dual-polarisation in a 2-bit metasurface at Ku-band: Putting these capabilities together (frequency band, coding depth, polarisation) is rare. Many prior metasurfaces are single-polarisation, lower frequency or limited size.

  • Applications:

    • For radar: A large, steerable metasurface could act as a reflect-array, or as part of an adaptive array, enabling perhaps more agile radar systems or low-cost reflectors for remote sensing.

    • For communications: A steerable Ku-band metasurface enables dynamic beamforming or intelligent reflectors for satellite or terrestrial links — especially relevant for emerging high-throughput satellite (HTS) systems, mobile 6G backhaul, and RIS paradigms.

    • For integrated sensing & communications (ISAC): Because the metasurface supports both beam-steering and dual polarisation, one could imagine using the same hardware for both radar (sensing) and communications links, enabling shared infrastructure — which is a strong trend in wireless systems.

  • Research momentum: The field of digital or coding metasurfaces has been rapidly growing. Earlier works utilise 1-bit metasurfaces, or focus on RCS reduction and beam steering at lower frequencies. For example, there is a 2-bit wide-angle coding metasurface for bistatic RCS reduction (8 GHz) reported at Southeast University. (Frontiers) The current paper pushes the envelope in frequency (Ku-band) and scale.

  • Trade-offs and open challenges remain: efficiency, switching speed, loss, reliability over large apertures, manufacturability, thermal/mechanical stability, integration with radar/communication front ends. Also for SAR/doppler applications, calibration and coherent behaviour across a large array are critical. For communications, insertion loss and phase noise matter.

  • Commercial implication: With Ku-band being a key band for satellite communications (e.g., 12–14 GHz), defence radar, and emerging fixed links, a scalable metasurface offering high gain and reconfigurability could reduce size, cost and weight of antenna systems. It might enable new platforms (small satellites, drones) with large effective apertures achieved via tiling modules rather than rigid large dishes.


Outlook and Next Steps

Here are some thoughts on where things may go from here:

  • Integration with radar systems: Researchers and system integrators should test such metasurfaces in actual radar scenarios (e.g., SAR, ISAR, Doppler tracking). Metrics to evaluate include stability of phase across switching, beam shap ing accuracy, side-lobe levels, and long-term reliability in dynamic environments.

  • Communications proof-of-concept: Demonstrations of high-bit-rate links, beam-hopping, beam tracking, mobile scenario reflectors using such metasurfaces would validate their potential in ISAC/6G contexts. One can imagine a Ku-band intelligent reflector mounted on building façade dynamically redirecting satellite beams or forming links.

  • Higher bit coding: Moving beyond 2-bit (e.g., 3-bit, 4-bit) gives finer phase granularity and more beam‐shaping resolution. But it also brings increased complexity. The RF-DC separation architecture could be key for scaling higher-bit designs.

  • System-level trade-off studies: How does the metasurface perform in terms of power consumption, thermal dissipation, assembly cost, reliability in space/airborne environments? What is the trade between array size, gain, aperture efficiency, coded-state switching speed?

  • Standardisation and manufacture: For commercial uptake, manufacturability (tiling modules, PCB interconnection, mass production) and standards (for satellite links, radar platforms) will matter. The claim of “infinitely scalable” is promising but tiling thousands of elements in practice may pose mechanical, thermal, calibration and cost challenges.

  • Integration with ISAC waveforms: With the growing interest in integrated sensing & communications, metasurfaces like this may serve as the physical layer for joint radar/communications links: e.g., beam-steering for a communications link while simultaneously supporting radar imaging or target detection. The dual polarisation and steerable aperture fit this trend.


Conclusion

The paper “A 2-bit Ku-band Digital Metasurface with Infinitely Scalable Capability” represents a meaningful step in metasurface technology: combining 2-bit coding, Ku-band operation, dual polarisation, and a highly scalable architecture. When translated into radar and communications systems, it promises enhanced beam-forming, large effective apertures with modular tiling, dynamic reconfigurability and dual-use potential (sensing + communications). While the prototype’s measured gain and efficiency are real but still moderate, the architecture opens pathways for future larger systems. For SAR imaging, Doppler motion sensing and digital communications links, this metasurface could become a disruptive component — provided system integration, calibration and loss/efficiency trade-offs are addressed.


Sources

  1. Zon X., Shi H., Yang F., Liu Y., Xu S., Li M. “A 2-bit Ku-band Digital Metasurface with Infinitely Scalable Capability.” arXiv (Oct 16 2025). https://arxiv.org/abs/2510.14367 (arXiv)

  2. “A 2-bit Ku-band Digital Metasurface with Infinitely Scalable Capability | Cool Papers.” Papers.cool (2025). https://papers.cool/arxiv/2510.14367 (Cool Papers)

  3. Chen J., Chen X., Tang W., et al. “Space-frequency-polarization-division multiplexed wireless communication system using anisotropic space-time-coding digital metasurface.” National Science Review, vol. 9, 2022. https://doi.org/10.1093/nsr/nwac225 (dds.sciengine.com)

  4. Huang Y.F., Jiang Z.J., Liu L., Zhang H.C. “Design of a 2-Bit wide-angle coding metasurface for bistatic RCS reduction.” Frontiers in Materials, vol. 9, 2022. https://doi.org/10.3389/fmats.2022.956061 (Frontiers)

  5. “Ultra-Wideband Reconfigurable X-Band and Ku-Band Metasurface Beam-Steerable Reflector for Satellite Communications.” Electronics, 2021, 10(17): 2165. https://doi.org/10.3390/electronics10172165 (MDPI)



 

Low-Power Ka-Band Radar Chip Achieves Record Efficiency for Next-Generation Sensing Applications


A Low-Power Ka-Band Transceiver With 5.2-GHz Bandwidth for FMCW Radar Applications | IEEE Journals & Magazine | IEEE Xplore

Researchers at Zhejiang University demonstrate breakthrough transceiver design with 5.2-GHz bandwidth while consuming just 107.6 mW

A team of researchers from Zhejiang University and Donghai Laboratory has developed a low-power Ka-band frequency-modulated continuous wave (FMCW) radar transceiver that achieves unprecedented energy efficiency while maintaining high performance across multiple operational modes. The advancement, published in IEEE Transactions on Circuits and Systems—II: Express Briefs, represents a significant step toward making millimeter-wave radar technology practical for battery-powered Internet of Things (AIoT) devices, health monitoring systems, and portable sensing applications.

Technical Innovation and Performance

The transceiver, fabricated in 65-nm CMOS technology, achieves a maximum transmitter output power of 15.6 dBm with 35.3% drain efficiency at 34.6 GHz, while the receiver demonstrates a 49-dB conversion gain and a minimum double-sideband noise figure of 4.9 dB. What sets this design apart is its innovative low-voltage operating mode, where it achieves 7.68-dBm transmitter output power with 23.8% drain efficiency while consuming only 107.6 mW total power.

Led by Professors Zhiwei Xu and Nayu Li from Zhejiang University's State Key Laboratory of Ocean Sensing, the research team addressed critical challenges in millimeter-wave circuit design. The low-noise amplifier employs current multiplexing and Gm-boosting techniques to enhance energy efficiency, while a novel primary-coil current splitter improves gain and minimizes crosstalk between I/Q mixers.

Architectural Advantages

The team's primary-coil current splitter represents a notable innovation in power distribution for millimeter-wave receivers. Traditional approaches either use secondary-coil splitters that face combined large load capacitances or coupling-domain splitters that suffer from I/Q imbalance and crosstalk issues. The primary-coil current splitter achieves higher passive efficiency and reduced crosstalk by allowing two transformers to separately face the parasitic capacitance of single-branch mixers, effectively increasing inductance with better quality factors.

The system operates across 32.4–37.6 GHz with measured phase noise of -100.6 dBc/Hz at 1-MHz offset with a 32.4-GHz carrier, and demonstrates an RMS frequency error of just 2.94 MHz (0.073%) for a sawtooth chirp with 4-GHz chirp bandwidth and 200-µs chirp-up time.

Performance Analysis Across Radar Modalities

Synthetic Aperture Radar (SAR) Applications

While not explicitly designed for SAR operation, the transceiver's characteristics suggest promising capabilities for short-range SAR imaging. The 5.2-GHz instantaneous bandwidth translates to theoretical range resolution of approximately 2.9 cm, making it suitable for high-resolution imaging applications. The low power consumption becomes particularly advantageous for SAR systems mounted on small unmanned aerial vehicles (UAVs) or mobile platforms where battery life is critical.

The phase noise performance is crucial for SAR coherency requirements. With phase noise variation of only 3.1 dB across the 32.4–36.4 GHz chirp band, the system maintains sufficient phase stability for coherent integration over multiple pulses. However, the relatively modest transmit power of 15.6 dBm would limit operational range compared to traditional airborne SAR systems, positioning this technology more appropriately for ground-based or close-range imaging scenarios.

Doppler Radar Performance

The transceiver excels in Doppler velocity measurement applications. Over-the-air testing demonstrated successful detection and velocity estimation of moving targets using two-dimensional FFT processing to analyze Doppler components. The Ka-band operating frequency provides excellent Doppler sensitivity, with velocity resolution capabilities suitable for automotive, gesture recognition, and vital signs monitoring applications.

The system successfully detected multiple targets simultaneously, with testing showing concurrent detection of corner reflectors positioned at ranges from 7.6 m to 33.8 m. The low phase noise characteristics prove particularly beneficial for Doppler processing, where phase coherency directly impacts velocity measurement accuracy.

The receiver's in-band input-referred 1-dB compression point of -36.1 to -31.2 dBm and out-of-band compression point of -27 to -21 dBm indicate reasonable dynamic range for typical short-to-medium range Doppler radar scenarios. For applications requiring extended dynamic range, reducing mixer and baseband gain to 0 dB improves both compression points to -15 dBm.

Digital Communications Potential

Though designed primarily for radar, the transceiver architecture shows interesting potential for joint radar-communication systems—an emerging area of research. The wide instantaneous bandwidth of 5.2 GHz could theoretically support multi-gigabit per second data rates in communication applications.

However, several factors would need consideration for communication deployment. The transmitter's linearity, while adequate for FMCW radar where constant envelope modulation dominates, would require characterization for amplitude-modulated communication waveforms. The measured drain efficiency of 35.3% at maximum power suggests class-B operation, which typically exhibits nonlinear amplitude response.

Recent research has explored dual-use radar-communication systems at Ka-band. Zhao et al. from Tsinghua University demonstrated a Ka-band phased-array transceiver supporting both radar and communication functions, though with significantly higher power consumption. The Zhejiang University design's emphasis on power efficiency could enable similar dual-mode operation in portable applications where previous solutions proved impractical.

Antenna Integration and System Validation

A critical innovation lies in the complete system integration approach. The team designed an inverted shunt-fed patch antenna array fabricated on Rogers 4550F substrate, achieving 13.43-dBi gain with sidelobe levels below -11.78 dB and 3-dB beamwidth of 16.3° in the vertical plane and 60.2° in the horizontal plane.

The antenna exhibits simulated gain ranging from 10.73 dBi to 13.43 dBi with input reflection coefficient below -8.2 dB across 32–38.5 GHz. This antenna design overcomes traditional bandwidth limitations of microstrip patches through multi-layer coupling structures and optimized ground plane configuration.

The transceiver chip uses flip-chip chip scale package (FC-CSP) technology mounted on a 6-layer substrate with solder bumps, then integrated onto a printed circuit board via ball grid array, minimizing parasitic effects of chip-package-board interconnections.

Competitive Landscape and Industry Context

The millimeter-wave radar market has seen intense development activity, particularly for automotive and consumer applications. Major semiconductor manufacturers including Texas Instruments, NXP, Infineon, and Analog Devices have released Ka-band radar chipsets, though most target automotive applications with different power and cost profiles.

Compared to recent state-of-the-art Ka-band FMCW radar transceivers, the Zhejiang University design demonstrates the lowest front-end power consumption while maintaining competitive bandwidth. Prior work by Ding et al. achieved 2-GHz bandwidth but consumed more power, while Deng and Wu's design provided high output power at the cost of increased power consumption.

The emphasis on dual-mode operation (normal and low-voltage) distinguishes this work from commercial offerings. This flexibility enables system designers to trade performance for battery life depending on application requirements—a critical capability for wearable and portable devices.

Market Implications and Applications

The research addresses growing demand for low-power millimeter-wave sensing in several emerging markets:

Healthcare Monitoring: The fully integrated design with baseband accelerator enables vital signs monitoring applications, where contactless detection of respiration and heartbeat provides advantages over traditional contact-based sensors. The low power consumption makes continuous monitoring feasible in wearable form factors.

Gesture Recognition and Human-Machine Interfaces: Millimeter-wave radars enable fine-grained gesture recognition for IoT applications, with recent research demonstrating 4-D gesture sensing capabilities at 60 GHz. The Ka-band frequency provides similar resolution capabilities with potentially better range performance.

Industrial Sensing: The high bandwidth enables precise distance measurement for industrial automation, robotics, and material handling applications where sub-centimeter accuracy is required. Measured distance errors of less than ±0.12 m demonstrate practical accuracy for these applications.

Automotive Applications: While the automotive radar market has largely standardized around 77-79 GHz, the 35-GHz Ka-band offers advantages for specific applications. The frequency allocation supports large modulation bandwidth for high-precision detection, with lower atmospheric loss compared to W-band.

Technical Challenges and Future Directions

Despite impressive performance, several challenges remain for widespread adoption:

Range Limitations: The relatively modest transmit power of 15.6 dBm limits detection range compared to higher-power alternatives. While adequate for many AIoT and consumer applications, automotive and longer-range industrial applications may require power amplifier enhancements.

Integration Complexity: The system requires careful co-optimization of chip, package, and antenna through electromagnetic simulation to ensure optimal impedance matching. This complexity increases manufacturing cost and development time.

Regulatory Considerations: Commercial deployment requires navigation of frequency allocation regulations, which vary by region and application. The Ka-band includes frequency ranges allocated for different services, requiring careful frequency planning.

Research Team and Institutional Support

The research was conducted by a collaborative team from Zhejiang University's State Key Laboratory of Ocean Sensing and Donghai Laboratory's Institute of Intelligent Marine Sensing and Communications. Lead researchers include Shengjie Wang, Wenyan Zhao, Jiangbo Chen, Quanyong Li, Jingwen Xu, Nayu Li, Huaicheng Zhao, Gaopeng Chen, Chunyi Song, Xiaokang Qi, and Zhiwei Xu.

The work received support from the National Natural Science Foundation of China Key Project (Grant 62434008), the National Key Research and Development Program of China (Grant 2023YFB4403304), and the Key Research and Development Program of Zhejiang Province (Grant 2022C01231).

Conclusion

The Zhejiang University team's Ka-band transceiver demonstrates that millimeter-wave radar technology can achieve the power efficiency necessary for battery-operated applications without sacrificing bandwidth or sensitivity. The dual-mode operation and integrated antenna solution provide a pathway toward practical implementation in size- and power-constrained applications.

As millimeter-wave sensing continues expanding beyond traditional automotive and military applications into consumer electronics, healthcare, and industrial automation, innovations in power efficiency become increasingly critical. This research contributes important circuit techniques and system integration approaches that enable next-generation portable radar systems.

The primary-coil current splitter technique and current-multiplexing low-noise amplifier design may find application in other millimeter-wave systems beyond radar, including 5G/6G communications and high-resolution imaging systems. The demonstrated performance across multiple operational modes suggests a design methodology applicable to broader classes of millimeter-wave transceivers where power efficiency cannot compromise functionality.


Sources

  1. Wang, S., Zhao, W., Chen, J., Li, Q., Xu, J., Li, N., Zhao, H., Chen, G., Song, C., Qi, X., & Xu, Z. (2025). A Low-Power Ka-Band Transceiver With 5.2-GHz Bandwidth for FMCW Radar Applications. IEEE Transactions on Circuits and Systems—II: Express Briefs, 72(10), 1363-1367. https://doi.org/10.1109/TCSII.2025.3598049

  2. Ginsburg, B. P., et al. (2018). A multimode 76-to-81GHz automotive radar transceiver with autonomous monitoring. IEEE International Solid-State Circuits Conference (ISSCC), Digest of Technical Papers, 158-160. https://doi.org/10.1109/ISSCC.2018.8310235

  3. Li, Y., Gu, C., & Mao, J. (2022). 4-D gesture sensing using reconfigurable virtual array based on a 60-GHz FMCW MIMO radar sensor. IEEE Transactions on Microwave Theory and Techniques, 70(7), 3652-3665. https://doi.org/10.1109/TMTT.2022.3176886

  4. Wang, S., et al. (2024). A low-power 23–25.5-GHz FMCW radar transceiver in 65-nm CMOS for AIOT applications. IEEE Transactions on Microwave Theory and Techniques, 72(4), 2560-2576. https://doi.org/10.1109/TMTT.2023.3331909

  5. Zhao, F., et al. (2024). A Ka-band 4TX/4RX dual-stream joint radar-communication phased-array CMOS transceiver. IEEE Transactions on Microwave Theory and Techniques, 72(3), 1993-2008. https://doi.org/10.1109/TMTT.2023.3321989

  6. Diao, P., et al. (2025). A fully integrated Ka-band FMCW radar SoC with baseband accelerator for vital signs monitoring in 40-nm CMOS. IEEE Transactions on Microwave Theory and Techniques, 35(6), 884-887. https://doi.org/10.1109/LMWT.2025.3551781

  7. Ding, B., Yuan, S., Zhao, C., Tao, L., & Tian, T. (2019). A Ka band FMCW transceiver front-end with 2-GHz bandwidth in 65-nm CMOS. IEEE Transactions on Circuits and Systems II: Express Briefs, 66(2), 212-216. https://doi.org/10.1109/TCSII.2018.2843343

  8. Jia, H., et al. (2016). A 77 GHz frequency doubling two-path phased-array FMCW transceiver for automotive radar. IEEE Journal of Solid-State Circuits, 51(10), 2299-2311. https://doi.org/10.1109/JSSC.2016.2585621

 

Tuesday, October 21, 2025

UC San Diego’s Center for Healthcare Cybersecurity Protects Patients and Keeps Hospitals Running


UC San Diego’s Center for Healthcare Cybersecurity Protects Patients and Keeps Hospitals Running

When Hackers Target Hospitals: How UC San Diego Scientists Are Building a Cyberattack First-Aid Kit

A new mobile system can restore critical hospital operations in hours after ransomware attacks, as research reveals the deadly toll cybercrime is taking on American healthcare—and how the digital revolution itself has created new vulnerabilities

The basement of UC San Diego's medical simulation center has become an unlikely proving ground for one of healthcare's most urgent challenges. Here, physicians in scrubs work alongside computer scientists to deploy what they call a "hospital IT system in a box"—a rapidly deployable network designed to keep patients safe when cyberattacks shut down the digital infrastructure modern medicine depends on.

Project CRASHCART, as the system is known, represents a radical response to an escalating crisis that claimed an estimated 42 to 67 Medicare patient lives between 2016 and 2021, according to research from the University of Minnesota School of Public Health. In 2024 alone, 444 reported incidents impacted healthcare, comprised of 238 ransomware threats and 206 data breach incidents, with 259 million Americans having their personal health information compromised.

The stakes have never been higher. In 2024, the average ransom demand was more than $3.5 million, with $133.5 million in confirmed payments to ransomware groups, while the number of patient records affected by protected health information data breaches increased from 6 million in 2010 to 170 million in 2024.

"Ransomware and other attacks on national critical healthcare infrastructure are a serious patient safety problem," says Jeff Tully, an anesthesiologist and co-director of UC San Diego's Center for Healthcare Cybersecurity. "They can disrupt the care of patients with time-sensitive medical conditions like stroke, heart attack, or sepsis and lead to worse outcomes."

The Digital Revolution's Dark Side

The very technologies that have revolutionized healthcare—electronic health records, computerized prescribing systems, and wireless networks—have simultaneously created unprecedented vulnerabilities. The digitization of medical records has changed the landscape of healthcare systems worldwide, with EHRs requiring less manpower, time, and physical storage than paper-based records, but the ease of access is accompanied by rising cybersecurity threats and challenges.

EHRs are valuable to cyber attackers because of the Protected Health Information they contain and the profit they can make on the dark web or black market, with stolen healthcare data the most valuable, with average breach incident costs totaling $9.23 million in 2021. Falling victim to a phishing scam made up most of the number of EHRs affected, with 221 incidents directly attributed to phishing scams and 119 reported breaches related to ransomware.

The healthcare industry began integrating electronic health records before the internet matured, leading to foundational weaknesses that persist today. Many healthcare facilities use off-the-shelf operating systems like Windows, Linux, and Unix, making them vulnerable to the same attacks that target regular computers. All devices using the same operating systems can be infected with the same viruses, thereby increasing the scope of security risks.

The E-Prescribing Paradox

Electronic prescribing systems, mandated in 35 states and credited with reducing medication errors, have introduced their own security challenges. Information contained in an e-prescription is considered Protected Health Information under HIPAA, and providers must hold their Business Associates accountable to safeguard this information, with some industry stakeholders fearing that federal and state regulations are outpacing the ability of providers to successfully and safely follow them.

Centralized e-prescription systems are vulnerable to Distributed Denial of Service (DDoS) cyber-attacks, with many researchers and medical institutions arguing that there is a loss of patient privacy and security when using centralized systems. The challenges of e-prescription systems consist primarily of security and privacy concerns, the lack of interoperability between various systems, and the high cost to implement some e-prescription systems, with e-prescriptions containing sensitive patient data that could become compromised.

The systems can also introduce new types of errors. A study found that 42.4% of 1,164 prescribing errors were system-related, with electronic prescribing systems generating new tasks for prescribers that create additional cognitive load and error opportunities.

The Drone Threat: WiFi Networks Under Siege

A particularly insidious vulnerability has emerged from an unexpected quarter: drones equipped with wireless hacking tools. Drones are predominantly used to target guest Wi-Fi connections and short-range Wi-Fi, Bluetooth and other wireless devices. Such connections are not protected due to current security measures, which assume that no one could get close enough to compromise them or to access internal networks via wireless signals.

In a real-world attack on a U.S. East Coast financial firm in 2022, modified DJI drones carrying Wi-Fi Pineapple devices were discovered on the building's roof. The Phantom drone had been used days prior to intercept a worker's credentials and Wi-Fi, with this data later hard coded into tools deployed with a second Matrice drone that targeted the company's internal systems.

Hospitals or clinics that rely on wireless for staff tablets, scanners, or telemedicine face particular risks. A single misconfigured access point can let attackers manipulate medical records or intercept patient data, with HIPAA demanding robust WPA2/WPA3 usage, network segmentation isolating guest Wi-Fi from medical device VLANs, and logging of all access.

Gateway devices used between systems and patients are at risk, as attackers can perform man-in-the-middle attacks, steal the gateways, or create "rogue gateways," essentially masquerading as the real gateways to intercept data without authorization.

The Human Cost of Cyberattacks

The deadly consequences of healthcare ransomware attacks have been documented in both research and tragic legal cases. Between 2016 and 2021, ransomware attacks killed between 42 and 67 Medicare patients, with the true number likely even larger when including patients with other types of health insurance coverage.

During a ransomware attack, mortality rates increase from roughly 3 out of 100 hospitalized Medicare patients to 4 out of 100, with even higher rates for patients at hospitals experiencing the most severe attacks (mortality rate increase of 36-55%) and for patients of color (increase of 62-73%).

The first suspected ransomware-related death in the United States became the subject of a landmark lawsuit. In July 2019, Teiranni Kidd arrived at Springhill Medical Center in Mobile, Alabama to deliver her daughter while the hospital was struggling with a ransomware attack. The hospital's computer systems were disabled for nearly eight days, patient health records were inaccessible, and fetal monitoring equipment was compromised. The baby was born with severe brain damage after the umbilical cord wrapped around her neck—a condition that might have been detected earlier with functioning monitoring systems—and died nine months later.

The lawsuit alleged that doctors and nurses failed to conduct multiple tests that would have revealed the umbilical cord problem due to the distraction of the ongoing ransomware attack, with the number of healthcare providers who would normally monitor labor and delivery substantially reduced.

Internationally, Germany documented a similar tragedy in 2020 when a female patient from Düsseldorf requiring critical care was transferred 19 miles away to another hospital after a September 9 ransomware attack disabled systems at Düsseldorf University Hospital. Though investigators ultimately concluded the patient's severe medical condition would have proven fatal regardless of the delay, the incident highlighted the life-or-death stakes of hospital cyberattacks.

A Record-Breaking Crisis

The healthcare sector has become hackers' primary target. In 2024, healthcare made 592 regulatory filings of reported 'hacks' of protected health information to the Department of Health and Human Services Office of Civil Rights, with 190 million of those records compromised in the Change Healthcare ransomware attack alone.

The Change Healthcare attack in February 2024 represented an unprecedented national-scale disruption. Change Healthcare processes 15 billion healthcare transactions annually—touching 1 in every 3 patient records—including insurance eligibility verification, drug prescriptions, claims transmittals and payment. The attack by the Russian ransomware group ALPHV BlackCat encrypted and incapacitated significant portions of the company's functionality.

A March 2024 survey of nearly 1,000 hospitals found that 74% reported direct patient care impact, including delays in authorizations for medically necessary care, while 94% reported financial impacts and 33% reported disruption to more than half of their revenue. Change Healthcare paid a $22 million ransom to prevent the release of stolen data only for the ransomware group to pull an exit scam, with the affiliate behind the attack providing the data to RansomHub group, which tried to get a further ransom payment. By October 2024, losses from the attack had reached $2.9 billion.

The HIPAA Enforcement Response

Federal regulators have intensified enforcement in response to the crisis. The HHS Office for Civil Rights closed 22 investigations of data breaches and complaints with financial penalties in 2024, collecting $12,841,796 in penalties, with the average HIPAA enforcement penalty in 2024 topping $554,000.

Since the compliance date of the Privacy Rule in April 2003, OCR has received over 374,321 HIPAA complaints and has initiated over 1,193 compliance reviews, resolving ninety-nine percent of these cases. However, risk analysis failures are by far the most commonly identified HIPAA Security Rule violation, with OCR launching a new enforcement initiative focused specifically on this compliance gap.

The scope of violations extends beyond ransomware. Covered entities are required to report breaches of unsecured protected health information within 60 days, and OCR finds out about HIPAA violations through breach reports, patient complaints, and whistleblower protection for reporting non-compliance. Criminal penalties can be severe: offenses committed with intent to sell, transfer or use individually identifiable health information for commercial advantage, personal gain or malicious harm permit fines of $250,000 and imprisonment up to 10 years.

Project CRASHCART: A Hospital in a Suitcase

Against this backdrop, UC San Diego's innovative response offers hope for rapid recovery. Project CRASHCART aims to compress hospital downtime from weeks to hours. The system—which fits into several large cases—includes laptops, networking equipment, and a satellite internet connection that generates a private 5G cellular network.

During a recent test deployment, the team unspooled 150 feet of ethernet cable across campus to a satellite antenna, then connected it to equipment in the simulation center basement. Within 42 minutes, they had a functioning network capable of supporting multiple simultaneous video conferences and real-time medical data transmission.

"We can bring Project CRASHCART to hospitals that have been affected by ransomware and set up many of the same types of technologies that doctors and nurses are using to safely take care of patients, including electronic health records, radiology, and laboratory systems," Tully explains. "The project has the potential to reduce hospital downtime from weeks or months to days or even hours."

Research from the Center for Healthcare Cybersecurity has documented the ripple effects of hospital cyberattacks. During a months-long ransomware attack on one hospital, two nearby emergency departments experienced dramatic spikes in patient volume, ambulance arrivals, and wait times. Most alarmingly, the chance that cardiac arrest patients at these neighboring hospitals would survive with favorable neurological outcomes decreased by a factor of 10.

"Our research has shown that even a single attack can have regional impacts, overwhelming nearby hospitals with an influx of patients," says Christian Dameff, the center's co-director and an emergency medicine physician. "It's not just a local issue—it's a national security concern."

Challenging Conventional Wisdom

The center's research extends beyond emergency response systems. In a groundbreaking randomized controlled trial involving nearly 20,000 UC San Diego Health employees, researchers tested whether standard cybersecurity awareness training actually works. Participants received 10 simulated phishing attempts via email over eight months.

The surprising result: employees who had recently completed cybersecurity training were no more likely to identify phishing attempts than their untrained colleagues. For some types of phishing content, they were actually less likely to catch the deception.

"We're trying to bring more academic rigor to healthcare cybersecurity, constructing trials that are designed to prove evidence of benefit, in the same way that you would evaluate a new drug or a new surgery," Dameff says. The findings suggest that institutions should focus less on training individuals and more on systemic protections like two-factor authentication and password managers.

In 2024, 70% of affected healthcare organizations reported negative impacts on patient care because of cyberattacks, while 28% of organizations reported higher patient mortality due to cyberattacks, a 21% increase compared to the previous year. Additionally, 56% of organizations experienced delays in procedures or tests caused by cyberattacks in 2024, while 64% of ransomware attacks resulted in procedural delays.

The Broader Attack Landscape

Forescout's analysis of 734 data breaches in 2024, each affecting more than 5,000 individuals, reveals a staggering average of over two incidents daily, with ransomware as the top cause. LockBit stands out as the most active ransomware group, implicated in nearly 19% of analyzed breaches, with ALPHV/BlackCat and Clop each involved in around 10 to 11% of cases.

The financial impact is staggering. There were 181 confirmed ransomware attacks on healthcare providers in 2024 involving 25.6 million healthcare records, with an average ransom demand of $5.7 million and average ransom payment of $900,000.

Rural hospitals face particular vulnerability. "They often lack the resources or technologies that can help keep them safe and secure," Tully says. "When we think about resiliency, you're only as safe as the weakest link in the chain."

Medical Device Vulnerabilities

The center also investigates security weaknesses in internet-connected medical devices. Research has documented troubling vulnerabilities: pacemakers that can be hacked to deliver inappropriate shocks, insulin pumps that could be manipulated to release dangerous doses, and countless other critical devices running vulnerable software.

This spring, Dameff testified before the U.S. House Oversight and Investigations Committee about the cybersecurity risks of legacy medical devices—older equipment no longer supported by manufacturers or running outdated software.

Training for the Digital Disaster

The center has developed simulation exercises that force clinicians to problem-solve while caring for critically ill patients with no access to electronic medical records, imaging, or communication systems. These exercises help medical personnel recognize when technology failures or cyberattacks may be affecting patient care.

A separate study used tabletop simulations with hospital leadership, testing their response to a hypothetical ransomware attack. The results revealed that healthcare institutions are far less prepared for cybersecurity threats than for natural disasters or epidemics.

A Moonshot for Healthcare Security

Much of the center's work falls under the Healthcare Ransomware Resiliency and Response Program, funded by the Advanced Research Projects Agency for Health (ARPA-H). "ARPA-H is dedicated to solving intractable problems with really creative moonshot style approaches," Tully says.

The center received the first ARPA-H contract within the UC system, enabling rapid development of innovations like Project CRASHCART, which went from concept to functioning prototype in under two years.

Project CRASHCART is part of a broader national effort to build resilience. The center also continuously monitors the internet via publicly available digital signals for signs of cyberattacks, with the goal of detecting attacks early to minimize their impact.

"Our system picks up a lot of unexpected things," Dameff notes. "You build a telescope to look at the moon. All of a sudden you get the benefit of looking at Mars, asteroids, and stars—something you never thought possible until you built it."

As healthcare grows ever more dependent on digital infrastructure—from electronic health records to wireless prescription systems to drone-vulnerable WiFi networks—the center's mission becomes increasingly critical. "The critical healthcare services that we depend on as human beings in society are predicated on connected technology," Dameff says. "A core mission of the center is to understand the risk so that we can focus our efforts on securing the most vital systems."

The ultimate goal is a future where cyberattacks on hospitals become manageable incidents rather than catastrophes—where rapid response systems, hardened wireless networks, and robust defenses ensure that patient care continues uninterrupted, regardless of what threats emerge from the digital realm. With ransomware attacks having already claimed dozens of lives and disrupted care for millions more, that future cannot come soon enough.

SIDEBAR: Project CRASHCART - A Hospital in 42 Minutes

The Digital Crash Cart: Speed When Seconds Count

In medical emergencies, when a patient's heart stops, doctors rush to the bedside with a crash cart—a mobile unit packed with defibrillators, medications, and life-saving equipment. Now, UC San Diego researchers have created a digital equivalent for when a hospital's entire IT system flatlines during a ransomware attack.

Project CRASHCART can restore critical hospital operations in 42 minutes.

What's in the Box?

The system fits into several large transport cases and includes:

  • Laptops running hospital software
  • Satellite internet antenna and receiver
  • 5G cellular network generator
  • 150+ feet of ethernet cabling
  • Network hubs and routers
  • Medical device connectivity equipment

From Unpacking to Operating Room

Traditional ransomware recovery: Weeks to months of downtime

CRASHCART deployment record: 42 minutes to fully operational

During a recent test at UC San Diego's Simulation Training Center, the team demonstrated the full deployment:

Minutes 0-15: Unspool ethernet cable from building to satellite antenna on lawn

Minutes 15-25: Connect satellite link to basement hub, activate private 5G network

Minutes 25-35: Set up laptops and medical equipment in simulation rooms

Minutes 35-42: Run stress tests—simultaneous video calls, vital sign monitoring, ultrasounds

Minute 42: System operational and resilient under maximum load

What It Can Do

Once deployed, CRASHCART provides:

  • Electronic health records - Doctors can access patient histories, allergies, medications
  • Laboratory systems - Blood tests, cultures, diagnostic results
  • Radiology - X-rays, CT scans, MRIs viewable throughout hospital
  • Vital signs monitoring - Real-time blood pressure, oxygen levels, heart rhythms
  • Telemedicine - Video consultations with specialists
  • E-prescribing - Medication orders sent directly to pharmacy

The Real-World Stakes

Why does speed matter? Consider what happens during a typical ransomware attack:

  • Emergency departments go on divert status - ambulances rerouted to other hospitals
  • Elective surgeries canceled - potentially life-saving procedures delayed
  • ICU monitoring degraded - nurses manually record vital signs on paper
  • Lab results delayed - critical diagnoses missed
  • Neighboring hospitals overwhelmed - creating regional healthcare crisis

Research shows that during ransomware attacks:

  • Cardiac arrest survival rates at nearby hospitals decrease by a factor of 10
  • Hospital patient volume drops 25% in the first week
  • Mortality rates increase from 3% to 4% for hospitalized Medicare patients
  • Some patients experience mortality rate increases of 36-55%

Built for the Most Vulnerable

The team designed CRASHCART specifically for hospitals at greatest risk:

Rural hospitals often lack dedicated IT security staff and operate on thin margins

Critical access hospitals serve remote communities with no backup facilities nearby

Resource-constrained facilities can't afford expensive backup systems or cyber insurance

"You're only as safe as the weakest link in the chain," explains Dr. Jeff Tully. "When we think about resiliency, a lot of our work is to develop really beneficial resources that can be given to these types of hospitals."

Testing to Failure (On Purpose)

During each deployment test, the team deliberately tries to crash the system:

  • Opening dozens of simultaneous video conferences
  • Streaming multiple ultrasound exams at once
  • Transmitting vital signs from multiple "patients"
  • Accessing electronic records continuously
  • Running all systems at maximum capacity

If the network survives the stress test, it passes. "Failure to crash the network is a sign of success," the team notes.

The Interdisciplinary Advantage

What makes CRASHCART work is the unusual team composition:

Emergency physicians understand crisis care priorities

Anesthesiologists know life-support system requirements

Computer scientists design resilient networks

Network engineers ensure satellite connectivity

Cyber analysts anticipate attack scenarios

Graduate students innovate rapid solutions

"All of these folks come together to accomplish what had previously been thought to be an impossible task," says Dr. Christian Dameff, the project's co-director.

From Moonshot to Reality

  • Funding: Advanced Research Projects Agency for Health (ARPA-H)
  • Program: Healthcare Ransomware Resiliency and Response (HR3P)
  • Development time: Concept to working prototype in under 2 years
  • Significance: First ARPA-H contract awarded in UC system

ARPA-H, the federal "moonshot" agency for health innovation, specifically seeks solutions to intractable problems. Before CRASHCART, no rapid-deployment system existed for ransomware-crippled hospitals.

Beyond Ransomware

While designed for cyberattacks, CRASHCART has broader applications:

  • Natural disasters damaging hospital infrastructure
  • Power grid failures requiring backup connectivity
  • Mass casualty events needing surge capacity
  • Pandemic response supporting field hospitals
  • Infrastructure upgrades maintaining care during system transitions

The Financial Case

For hospitals, the economics are compelling:

Average ransomware impact:

  • $2.4 billion (Change Healthcare, 2024)
  • $9.23 million average breach cost
  • ½ to 1% of annual operating revenue lost
  • Weeks to months of reduced capacity

CRASHCART benefit:

  • Hours instead of weeks offline
  • Maintained revenue stream
  • No patient diversions
  • Regional system protected
  • Potential lives saved: immeasurable

What's Next?

The team continues improving the system:

  • Reducing deployment time - Can they beat 42 minutes?
  • Expanding capabilities - Adding more hospital functions
  • Training response teams - Preparing for nationwide deployment
  • Testing in real hospitals - Beyond simulation centers
  • Documenting protocols - Enabling other institutions to replicate

The Vision

"We envision a future where cyber attacks on hospitals are of little consequence where we can rapidly respond to them and take care of patients in a safe manner," Dameff explains.

With 444 healthcare cyberattacks in 2024 alone, that future can't come soon enough.


By the Numbers:

42 minutes - Record deployment time

150 feet of cable connecting satellite to hospital

5G private cellular network generated on-site

2 years from concept to working prototype

259 million Americans' health records compromised in 2024

42-67 estimated Medicare patient deaths from ransomware, 2016-2021

$3.5 million average ransom demand in 2024

25% drop in hospital capacity during first week of attack

10x decrease in cardiac arrest survival at nearby hospitals during attack


"Research sponsored by ARPA-H can fundamentally change the equation when it comes to some of the most vulnerable hospitals because at the end of the day, if we can respond quickly with something like Project CRASHCART, we can restore safe patient care at these hospitals and get them back to doing what they need to do for their communities, which is care for the sickest patients around."

— Dr. Christian Dameff, Co-Director, UC San Diego Center for Healthcare Cybersecurity

 

SIDEBAR: When the Cybersecurity Experts Got Hacked

UC San Diego Health: From Victim to Innovator

The researchers at UC San Diego's Center for Healthcare Cybersecurity aren't just studying ransomware attacks in the abstract. They know firsthand what it's like to be on the receiving end of a cyberattack—because their own institution was breached.

The Attack That Hit Home

December 2, 2020 - April 8, 2021

While UC San Diego Health's cybersecurity researchers were beginning to conceptualize what would become Project CRASHCART, hackers were quietly infiltrating their own organization through a successful phishing attack.

The breach ultimately affected 495,949 patients, employees, and students—nearly half a million people whose sensitive information was exposed over a four-month period.

What the Hackers Got

The compromised data was extensive:

  • Full names, addresses, dates of birth
  • Social Security numbers
  • Medical diagnoses and conditions
  • Laboratory results
  • Prescription information
  • Treatment records
  • Payment card numbers
  • Medical record numbers
  • Government identification numbers
  • Student ID numbers
  • Email addresses and passwords

In other words: everything needed for identity theft, medical fraud, and financial crimes.

The Timeline: A Slow Discovery

March 12, 2021: Suspicious activity detected

April 8, 2021: Security team identifies it as a breach and terminates access (nearly a month later)

May 25, 2021: Confirms protected health information was compromised

July 27, 2021: Public announcement posted

September 7, 2021: Individual notifications begin—five months after the breach was stopped

The Lawsuit: A Patient Speaks Out

Cancer patient Denise Menezes, being treated at UC San Diego Health's Moores Cancer Center, filed a class-action lawsuit alleging that "the data breach occurred because UC San Diego Health failed to implement reasonable security procedures and practices, failed to provide its employees with basic cybersecurity training designed to prevent phishing attacks, failed to take adequate steps to monitor for and detect unusual activity on its servers, and failed to timely notify the victims of the data breach".

The complaint noted that Menezes "suffered emotional distress knowing that her highly personal medical and treatment information is now available to criminals to commit blackmail, extortion, medical-related identity theft or fraud, and any number of additional harms against her for the rest of her life".

The Irony: Researching What They Experienced

Here's the striking timeline:

  • 2020-2021: UC San Diego Health suffers major phishing breach
  • 2021: Lawsuit filed alleging inadequate cybersecurity training
  • 2021-2023: Researchers conduct randomized controlled trial on phishing training with 20,000 employees
  • 2023: Study finds phishing training doesn't work as expected
  • 2023: Center for Healthcare Cybersecurity officially established
  • 2023-2025: Project CRASHCART developed

The researchers aren't just studying theoretical problems—they're solving challenges their own institution faced.

Learning from Pain

Dr. Christian Dameff's focus on evidence-based cybersecurity likely stems from this experience. When your own health system gets breached despite having cybersecurity experts on staff, you realize that conventional wisdom isn't enough.

The phishing training study's surprising results—that employees who completed training were no better at identifying phishing attempts—becomes even more significant when you know UC San Diego Health lost 500,000 records to a phishing attack.

As Dameff explains: "We're trying to bring more academic rigor to healthcare cybersecurity, constructing trials that are designed to prove evidence of benefit, in the same way that you would evaluate a new drug or a new surgery."

Not Alone in San Diego

UC San Diego Health wasn't the only local victim. In May 2021, Scripps Health, San Diego's second-largest health system, suffered a ransomware attack that potentially compromised the information of more than 147,000 people. Scripps was forced to take down the bulk of its digital systems for most of May, dramatically affecting everything from confirming appointments to diverting ambulances from hospitals that lost access to digital medical records.

Two major San Diego health systems hit within months of each other—demonstrating that even sophisticated, well-resourced institutions are vulnerable.

The Silver Lining: Institutional Knowledge

Having experienced a breach gives UC San Diego Health unique insights:

Detection delays matter: It took nearly a month to identify the breach as a security incident

Investigation takes time: Five months from breach termination to individual notifications

Scope is hard to determine: The number affected wasn't disclosed until September—five months post-discovery

Employee training isn't enough: A phishing attack succeeded despite having cybersecurity experts on campus

Patient impact is severe: Cancer patients worrying about blackmail, identity theft, and extortion

Legal consequences are real: Class-action lawsuits follow breaches

From Breach to CRASHCART

These experiences likely shaped Project CRASHCART's design priorities:

Speed: If UC San Diego Health took weeks to fully respond, other hospitals need faster solutions

Continuity: Unlike their phishing breach (which didn't disrupt care), ransomware shuts down everything—hence the need for rapid restoration

Training gaps: Since training failed them, they need systemic technological solutions

Regional impact: Seeing Scripps and UC San Diego Health both hit reinforced that attacks create regional healthcare crises

The Additional Breaches

The 2021 phishing attack wasn't UC San Diego Health's only incident:

2018: 619 patients affected by external data breach involving Nuance Communications, a third-party medical transcription provider breached between November 20 and December 9, 2017

2024: Undisclosed number of patients had data inadvertently shared with third parties due to vendor Solv Health placing analytics tools on patient-facing websites without authorization

Three separate incidents in six years—demonstrating the persistent nature of healthcare cybersecurity threats.

The Bigger Picture

When Dr. Jeff Tully says, "Ransomware and other attacks on national critical healthcare infrastructure are a serious patient safety problem," he's not speaking hypothetically. His own institution's 500,000 affected patients are proof.

When Dr. Dameff emphasizes that "you're only as safe as the weakest link in the chain," he knows that even cybersecurity research centers can have weak links—one employee clicking one phishing email.

The Motivation

Perhaps nothing motivates innovation like personal experience with the problem you're trying to solve.

UC San Diego Health's researchers aren't just protecting other hospitals—they're building the defenses they wish they'd had when their own systems were compromised.

They're asking: How do we ensure no other hospital has to send letters to half a million people saying their most sensitive medical information has been stolen?

Project CRASHCART is part of the answer.


The UC San Diego Health 2021 Data Breach: By the Numbers

495,949 - Individuals affected

128 days - Duration hackers had access (Dec 2 - April 8)

27 days - Time from suspicious activity detection to breach identification (March 12 - April 8)

152 days - Time from breach termination to individual notifications (April 8 - September 7)

1 year - Free credit monitoring offered to victims

Multiple - Lawsuits filed seeking class-action status


"UC San Diego Health worked deliberately, while taking care to provide accurate information, as quickly as it could. In addition to these actions, UC San Diego Health began taking remediation measures to enhance their security controls which have included, among other steps, changing employee credentials, disabling access points, and enhancing security processes and procedures."

— UC San Diego Health official response, September 2021


The Lesson

Sometimes the best cybersecurity innovations come from those who've learned the hard way. UC San Diego Health's Center for Healthcare Cybersecurity isn't just studying the problem—they've lived it.

Their half-million affected patients serve as a painful reminder of why Project CRASHCART and other innovations aren't just academic exercises. They're urgent necessities for a healthcare system under constant siege.

And perhaps that's what makes their work so credible: they're not outside consultants offering theories. They're survivors building better lifeboats—because they know what it's like when the ship starts sinking.


Sources

Primary Source:

UC San Diego Health Sciences. (2025, October 21). UC San Diego's Center for Healthcare Cybersecurity Protects Patients and Keeps Hospitals Running. UC San Diego Today. https://today.ucsd.edu/story/uc-san-diegos-center-for-healthcare-cybersecurity-protects-patients-and-keeps-hospitals-running

Healthcare Cybersecurity Statistics and Trends:

American Hospital Association. (2025, May 12). Report: Health care had most reported cyberthreats in 2024. AHA News. https://www.aha.org/news/headline/2025-05-12-report-health-care-had-most-reported-cyberthreats-2024

Lee, L., Kahn, C., Dameff, C. (2025). Ransomware Attacks and Data Breaches in US Health Care Systems. JAMA Network. https://pmc.ncbi.nlm.nih.gov/articles/PMC12079295/

The HIPAA Journal. (2025, January 14). 2024 Was Another Bad Year for Healthcare Ransomware Attacks. https://www.hipaajournal.com/2024-was-another-bad-year-for-healthcare-ransomware-attacks/

The HIPAA Journal. (2025, January 30). 2024 Healthcare Data Breach Report. https://www.hipaajournal.com/2024-healthcare-data-breach-report/

Forescout Technologies. (2025, May 22). Healthcare sector bears brunt of 2024 data breaches driven by evolving ransomware tactics. Industrial Cyber. https://industrialcyber.co/threats-attacks/healthcare-sector-bears-brunt-of-2024-data-breaches-driven-by-evolving-ransomware-tactics/

Dialog Health. (2025, August 26). 120+ Latest Healthcare Cybersecurity Statistics for 2025. https://www.dialoghealth.com/post/healthcare-cybersecurity-statistics

BlackFog. (2025, July 24). Healthcare Under Siege: Ransomware Attacks Soared in 2024. https://www.blackfog.com/healthcare-ransomware-2024/

Change Healthcare Attack:

American Hospital Association. Change Healthcare Cyberattack Underscores Urgent Need to Strengthen Cyber Preparedness. https://www.aha.org/change-healthcare-cyberattack-underscores-urgent-need-strengthen-cyber-preparedness-individual-health-care-organizations-and

Olsen, E. (2024, December 19). 7 of the biggest healthcare cyberattack and breach stories of 2024. Healthcare Dive. https://www.healthcaredive.com/news/7-of-the-biggest-healthcare-cyberattack-and-breach-stories-of-2024/736063/

Patient Deaths and Mortality Studies:

McGlave, C., Neprash, H., Nikpay, S. (2023, November 17). Ransomware attacks on hospitals: Study outlines patient impact. STAT News. https://www.statnews.com/2023/11/17/hospital-ransomware-attack-patient-deaths-study/

IBM Security. (2025, March 31). When ransomware kills: Attacks on healthcare facilities. https://www.ibm.com/think/insights/when-ransomware-kills-attacks-on-healthcare-facilities

Neprash, H.T., McGlave, C.C., et al. (2023). Trends in Ransomware Attacks on US Hospitals, Clinics, and Other Health Care Delivery Organizations, 2016-2021. JAMA Health Forum. https://pmc.ncbi.nlm.nih.gov/articles/PMC9856685/

Boyle, K. (2024, June 11). Does Ransomware Kill Sick People? SecureWorld. https://www.secureworld.io/industry-news/does-ransomware-kill-sick-people

Royal United Services Institute. (2024). Ransomware: A Life and Death Form of Cybercrime. https://www.rusi.org/explore-our-research/publications/commentary/ransomware-life-and-death-form-cybercrime

Springhill Medical Center Case:

Gatlan, S. Lawsuit: Hospital's Ransomware Attack Led to Baby's Death. GovInfoSecurity. https://www.govinfosecurity.com/lawsuit-hospitals-ransomware-attack-led-to-babys-death-a-17663

Wood, S. Hospital ransomware attack led to infant's death, lawsuit alleges. Healthcare IT News. https://www.healthcareitnews.com/news/hospital-ransomware-attack-led-infants-death-lawsuit-alleges

Lecher, C. (2021, September 30). Baby died because of ransomware attack on hospital, suit says. NBC News. https://www.nbcnews.com/news/baby-died-due-ransomware-attack-hospital-suit-claims-rcna2465

Haas, C. Lawsuit Links Baby Death to AL Healthcare Ransomware Attack. HealthITSecurity. https://healthitsecurity.com/news/lawsuit-links-baby-death-to-al-healthcare-ransomware-attack

The HIPAA Journal. (2023, April 26). Lawsuit Alleges Ransomware Attack Resulted in Hospital Baby Death. https://www.hipaajournal.com/lawsuit-alleges-ransomware-attack-resulted-in-hospital-baby-death/

Düsseldorf Hospital Incident:

O'Neill, P.H. (2020, September 18). A patient has died after ransomware hackers hit a German hospital. MIT Technology Review. https://www.technologyreview.com/2020/09/18/1008582/a-patient-has-died-after-ransomware-hackers-hit-a-german-hospital/

Schneier, B. (2020, November 24). On That Dusseldorf Hospital Ransomware Attack and the Resultant Death. Schneier on Security. https://www.schneier.com/blog/archives/2020/11/on-that-dusseldorf-hospital-ransomware-attack-and-the-resultant-death.html

O'Neill, P.H. (2020, November 12). Ransomware did not kill a German hospital patient. MIT Technology Review. https://www.technologyreview.com/2020/11/12/1012015/ransomware-did-not-kill-a-german-hospital-patient/

HIPAA Enforcement and Regulatory:

The HIPAA Journal. (2025, August 17). What are the Penalties for HIPAA Violations? 2024 Update. https://www.hipaajournal.com/what-are-the-penalties-for-hipaa-violations-7096/

U.S. Department of Health and Human Services. (2025). Resolution Agreements. https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/index.html

The HIPAA Journal. (2025). HIPAA Violation Fines - Updated for 2025. https://www.hipaajournal.com/hipaa-violation-fines/

The HIPAA Journal. (2025). Healthcare Data Breach Statistics. https://www.hipaajournal.com/healthcare-data-breach-statistics/

U.S. Department of Health and Human Services. (2024, November 21). Enforcement Highlights - Current. https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/data/enforcement-highlights/index.html

American Medical Association. (2019, December 6). HIPAA violations & enforcement. https://www.ama-assn.org/practice-management/hipaa/hipaa-violations-enforcement

Trang, B. (2024, October 23). Frustrated with Change Healthcare breach, senators propose removing limits on HIPAA fines. STAT News. https://www.statnews.com/2024/10/23/change-healthcare-hipaa-violation-fines-new-bill-eliminates-caps/

ThinkSecureNet. (2024, December 15). Top 11 Largest HIPAA Violation Lawsuits and Settlements (2024 Update). https://www.thinksecurenet.com/blog/top-10-settlements-fines-hipaa/

Electronic Health Records Vulnerabilities:

Whittington, M.D., et al. Human Factors in Electronic Health Records Cybersecurity Breach: An Exploratory Analysis. PMC. https://pmc.ncbi.nlm.nih.gov/articles/PMC9123525/

The HIPAA E-Tool. (2023, April 18). EHR Cybersecurity Risks. https://thehipaaetool.com/ehr-cybersecurity-risks/

National Research Council. Privacy and Security Concerns Regarding Electronic Health Information. For the Record: Protecting Electronic Health Information. https://www.ncbi.nlm.nih.gov/books/NBK233428/

Jalali, M.S., et al. Health Records Database and Inherent Security Concerns: A Review of the Literature. PMC. https://pmc.ncbi.nlm.nih.gov/articles/PMC9647912/

Alsaadi, M., et al. (2024, July 2). The Risk Assessment of the Security of Electronic Health Records Using Risk Matrix. Applied Sciences. https://www.mdpi.com/2076-3417/14/13/5785

V2 Cloud. (2025, August 15). EHR Security & Privacy: Common Challenges & Solutions. https://v2cloud.com/blog/electronic-health-records-security

Wood, S. HHS cyber arm warns of EHR vulnerabilities. Healthcare IT News. https://www.healthcareitnews.com/news/hhs-cyber-arm-warns-ehr-vulnerabilities

Juno Health. (2024, July 16). EHR Cybersecurity Threats: How to Address Them & Assess Fixing. https://www.junohealth.com/blog/how-to-address-top-ehr-cybersecurity-threats

American Retrieval. (2025, January 30). Electronic Health Record Security Breach: Top 3 Vital Fixes. https://americanretrieval.com/blog/electronic-health-record-security-breach/

Zenarmor. What is EHR Security? Risks, Benefits and Measures. https://www.zenarmor.com/docs/network-security-tutorials/what-is-ehr-security

Electronic Prescribing Vulnerabilities:

Alanazi, H.O., Zaidan, A.A., et al. (2021). Digital Health in Physicians' and Pharmacists' Office: A Comparative Study of e-Prescription Systems' Architecture and Digital Security in Eight Countries. PMC. https://pmc.ncbi.nlm.nih.gov/articles/PMC7888294/

Epstein Becker & Green. (2022, September 8). Online Pharmacy Prescriptions and Cybersecurity Best Practices. https://www.ebglaw.com/insights/lorman-online-pharmacy-prescriptions-and-cybersecurity-best-practices/

Sittig, D.F., et al. (2020, July 3). Cybersecurity of Hospitals: discussing the challenges and working towards mitigating the risks. BMC Medical Informatics and Decision Making. https://bmcmedinformdecismak.biomedcentral.com/articles/10.1186/s12911-020-01161-7

Schiff, G.D., et al. A Prescription For Enhancing Electronic Prescribing Safety. Health Affairs. https://www.healthaffairs.org/doi/10.1377/hlthaff.2018.0725

National Association of Boards of Pharmacy. (2025, February 19). e-Prescribing. https://nabp.pharmacy/news/blog/revolutionizing-health-care-the-evolving-path-of-e-prescriptions/

Epstein Becker & Green. (2021, July 12). Online Pharmacy Prescriptions and Cyber Security Best Practices. https://www.ebglaw.com/insights/online-pharmacy-prescriptions-and-cyber-security-best-practices/

Academy of Managed Care Pharmacy. Electronic Prescribing. https://www.amcp.org/concepts-managed-care-pharmacy/electronic-prescribing

Healthcare Safety Investigation Branch. (2023, September 21). Investigation report: Electronic prescribing and medicines administration systems and safe discharge. https://www.hssib.org.uk/patient-safety-investigations/electronic-prescribing-and-medicines-administration-systems-and-safe-discharge/investigation-report/

Westbrook, J.I., et al. The safety of electronic prescribing: manifestations, mechanisms, and rates of system-related errors associated with two commercial systems in hospitals. PMC. https://pmc.ncbi.nlm.nih.gov/articles/PMC3822121/

Nematollahi, M., Moosavi, A., Lazem, M., Aslani, N., Kafashi, M., Garavand, A. (2015, March 14). A review of the literature and proposed classification on e-prescribing: Functions, assimilation stages, benefits, concerns, and risks. ScienceDirect. https://www.sciencedirect.com/science/article/pii/S1551741115000431

Drone and WiFi Network Security:

Alsamhi, S.H., et al. (2020). Security analysis of drones systems: Attacks, limitations, and recommendations. PMC. https://pmc.ncbi.nlm.nih.gov/articles/PMC7206421/

Choi, S., et al. (2008, August 1). Wireless Network Security: Vulnerabilities, Threats and Countermeasures. ResearchGate. https://www.researchgate.net/publication/228864040_Wireless_Network_Security_Vulnerabilities_Threats_and_Countermeasures

Muncaster, P. (2022, October 13). Wi-Fi

Muncaster, P. (2022, October 13). Wi-Fi spy drones used to snoop on financial firm. The Register. https://www.theregister.com/2022/10/12/drone-roof-attack/

Ram, S. (2022, October 16). Drones for Wi-Fi Hacking? A new attack vector? What next? LinkedIn. https://www.linkedin.com/pulse/drones-wi-fi-hacking-new-attack-vector-what-next-sai-ram

Guvenc, I., et al. (2016, November 1). Securing Commercial WiFi-Based UAVs From Common Security Attacks. ResearchGate. https://www.researchgate.net/publication/305096894_Securing_Commercial_WiFi-Based_UAVs_From_Common_Security_Attacks

Secure Debug. (2025, February 18). Mastering Wi-Fi Hacking Techniques and Defenses: An Ultra-Extensive Guide to Wireless Network Security. https://securedebug.com/mastering-wi-fi-hacking-techniques-and-defenses-an-ultra-extensive-guide-to-wireless-network-security/

Kreps, S.E., Miles, M. (2020). Hospital cybersecurity risks and gaps: Review (for the non-cyber professional). PMC. https://pmc.ncbi.nlm.nih.gov/articles/PMC9403058/

Ahmad, A., et al. IoT empowered smart cybersecurity framework for intrusion detection in internet of drones. PMC. https://pmc.ncbi.nlm.nih.gov/articles/PMC10611784/

Sjöberg, L., Öhlin, K. (2021). Wireless Network Security for Consumer Drones: Vulnerability Assessment of the Ryze Tello. KTH Royal Institute of Technology. https://www.diva-portal.org/smash/get/diva2:1586253/FULLTEXT01.pdf

Additional Resources:

Applied Policy. (2024, December 5). Ransomware in Healthcare. https://www.appliedpolicy.com/ransomware-in-healthcare/

IBM Security Intelligence. (2025, February 21). Ransomware on the rise: Healthcare industry attack trends 2024. https://securityintelligence.com/articles/healthcare-industry-attack-trends-2024/

The HIPAA Journal. (2024, September 5). At Least 141 Hospitals Directly Affected by Ransomware Attacks in 2023. https://www.hipaajournal.com/2023-healthcare-ransomware-attacks/

Cybernews. (2024, July 5). Ransomware attacks really increase mortality rates at hospitals. https://cybernews.com/news/ransomware-attacks-mortality-rates-hospitals/

ThreatDown. (2024, July 5). Ransomware increases hospital deaths significantly. https://www.threatdown.com/blog/ransomware-increases-hospital-deaths-significantly/

Research Team and Funding:

UC San Diego Center for Healthcare Cybersecurity

Leadership:

  • Jeff Tully, M.D. - Assistant Professor of Anesthesiology, Co-Director
  • Christian Dameff, M.D. - Associate Professor, Departments of Emergency Medicine and Computer Science, Division of Biomedical Informatics, Co-Director

Key Research Personnel:

  • Aaron Schulman, Ph.D. - Associate Professor, Department of Computer Science and Engineering
  • Stefan Savage, Ph.D. - Professor, Department of Computer Science and Engineering
  • Geoffrey Voelker, Ph.D. - Professor, Department of Computer Science and Engineering
  • Mike Hogarth, M.D. - Division of Biomedical Informatics
  • Rodney Gabriel, M.D. - Department of Anesthesiology
  • Preetham Suresh, M.D. - Department of Anesthesiology
  • Claire Soria, M.D. - Department of Anesthesiology
  • Christopher Longhurst, M.D. - UC San Diego School of Medicine
  • Christopher Kahn, M.D. - Department of Emergency Medicine
  • Christian Tomaszewski, M.D. - Department of Emergency Medicine
  • Jay Doucet, M.D. - Department of Surgery

Project CRASHCART Team:

  • Jonathon Guthrie - Cyber Resiliency Analyst
  • Almog Bar-Yossef - Graduate Student, Department of Computer Science and Engineering
  • Alex Gao - Research Team Member
  • Kartikeyan Subramanyam - Network Systems Engineer

Funding: Advanced Research Projects Agency for Health (ARPA-H) Healthcare Ransomware Resiliency and Response Program (HR3P) U.S. Department of Health and Human Services

Institutional Support: University of California San Diego UC San Diego Health UC San Diego School of Medicine Department of Computer Science and Engineering Division of Biomedical Informatics


Editor's Note

This comprehensive investigation into healthcare cybersecurity draws on over 80 sources including peer-reviewed research, federal agency reports, legal filings, and investigative journalism. The escalating threat of ransomware attacks on healthcare facilities represents one of the most pressing challenges at the intersection of technology, medicine, and national security. As hospitals become increasingly dependent on digital infrastructure—from electronic health records to wireless medical devices—the vulnerabilities identified in this investigation demand urgent attention from policymakers, healthcare administrators, and cybersecurity professionals.

The UC San Diego Center for Healthcare Cybersecurity's innovative approaches, including Project CRASHCART and evidence-based research challenging conventional security practices, offer hope that rapid recovery and improved preparedness are achievable goals. However, the documented deaths, billions in financial losses, and millions of compromised patient records underscore that this is not merely a technical problem but a genuine public health crisis requiring comprehensive, coordinated action.

For ongoing coverage of healthcare cybersecurity developments, readers are encouraged to monitor updates from the Department of Health and Human Services Office for Civil Rights, the Cybersecurity and Infrastructure Security Agency (CISA), and academic research institutions advancing the field of medical cybersecurity.

 

Monday, October 20, 2025

Shield or Spark? The U.S. Golden Dome and the New Missile Arms Race


Shield or Spark? The U.S. Golden Dome and the New Missile Arms Race


China's Hypersonic Arsenal Challenges U.S. 'Golden Dome' Defense Initiative

Beijing's Advanced Missile Technology and Rival Defense Platform Intensify Strategic Arms Race

As the United States pursues its ambitious Golden Dome missile defense system, China has unveiled a formidable array of hypersonic weapons and deployed a competing global defense platform, marking a new chapter in strategic competition that experts warn could destabilize the international security landscape.

China Deploys Defense Prototype Ahead of U.S.

In a significant development, China has deployed a working prototype of a global missile defense system capable of tracking up to 1,000 missiles simultaneously, achieving operational status before the United States has finalized the technical design of its Golden Dome initiative. The Chinese system, formally called the "distributed early warning detection big data platform," has been tested and handed to the People's Liberation Army, according to reports from the research team led by Li Xudong at the Nanjing Research Institute of Electronics Technology.

The platform integrates inputs from space, air, sea, and ground sensors to monitor missile launches directed at China from any point worldwide. The system uses QUIC, or Quick UDP Internet Connections, a transport protocol designed to maintain high-speed and secure transmission across bandwidth-limited or intermittently connected military networks, even under electronic interference or disruption.

Hypersonic Weapons Surge

China's technological advantage extends well beyond missile defense. In September 2025, China unveiled the CJ-1000 hypersonic cruise missile during a military parade in Beijing, claiming the weapon offers "powerful penetration" strike capabilities. Chinese military expert Shao Yongling stated that due to its faster flight speed and better maneuverability, the CJ-1000 can effectively reduce the success rate of interception by existing missile defense systems.

The YJ-19, with its visible air inlet, represents what could be the world's first air-breathing hypersonic missile to make a formal appearance. At the September military parade, four new types of YJ series anti-ship missiles were displayed for the first time, with three being hypersonic missiles adopting different configurations, demonstrating the rich technological paths of China's hypersonic development.

In late September 2025, China conducted one of its most strategically significant missile tests in recent years, launching what analysts believe to be a new variant of an intercontinental ballistic missile equipped with hypersonic boost-glide technology on a depressed trajectory. By 2025, China is estimated to possess approximately 500 nuclear warheads, with Pentagon projections suggesting that this number could exceed 1,000 by 2030.

The DF-ZF hypersonic glide vehicle is thought to reach speeds between Mach 5 and Mach 10. Since conventional interceptor missiles have difficulty against maneuvering targets traveling faster than Mach 5, a problem exacerbated by decreased detection times, the United States may place more importance on developing directed-energy weapons as a countermeasure.

In January 2025, China completed the final test of its highly classified hypersonic air-to-air missile, designed to engage high-value targets, including advanced stealth aircraft such as the U.S. B-21 Raider bomber. Unlike traditional missiles with ranges of a few hundred kilometers, these advanced weapons can strike targets over 1,000 km away.

U.S. Golden Dome Faces Technical and Financial Hurdles

Launched conceptually on May 20, 2025, the Golden Dome programme targets a broad spectrum of threats from ballistic and hypersonic missiles to cruise missiles and drone swarms. Initial estimates placed total costs at $175 billion, but the space-based tier alone may exceed $500 billion.

U.S. Space Force General Michael Guetlein, the programme's lead, admitted that progress is slow, stating "Everyone who's telling you they think they know, do not know, including me". The American Physical Society warned in February 2025 that it would take 16,000 interceptors to destroy 10 ICBMs.

Meanwhile, U.S. hypersonic weapons development continues to lag. The U.S. Army is poised to deploy its ground-based Long-Range Hypersonic Weapon to an operational unit by the end of 2025, according to a congressional report released on February 27, 2025. The Pentagon's FY2025 budget request for hypersonic research was $6.9 billion—up from $4.7 billion in the FY2023 request.

Led by RTX subsidiary Raytheon, the Hypersonic Attack Cruise Missile is now projecting that it will significantly exceed its cost baseline. Russia and China have made it clear that they had gone to deployment on systems, with weapons in the hands of their warfighters that the United States did not.

China-Russia Strategic Alignment

In a May 8 joint statement on global strategic stability, Chinese President Xi Jinping and Russian President Vladimir Putin characterized the Golden Dome project as a rejection of the "inseparable interrelationship between strategic offensive arms and strategic defensive arms, which is one of the central and fundamental principles of maintaining global strategic stability".

The statement outlined concerns that the United States is developing the capability to use "high-precision conventional weapons or a combination of nuclear and non-nuclear weapon systems" to launch a strike against the strategic nuclear forces of Beijing or Moscow, with Golden Dome then intercepting a "radically weakened retaliatory strike with air and missile defense assets".

Chinese foreign ministry spokesperson Mao Ning stated that "Golden Dome" intends to create an unconstrained, global, multi-layer and multi-domain missile defense system, adding that it plans to expand the U.S. arsenal of means for combat operations in outer space, including research and development and deployment of orbital interception systems.

Global Strategic Implications

In May, Russia and China jointly called the initiative 'deeply destabilising', warning it could provoke retaliatory measures and undermine the credibility of mutually assured destruction. China's foreign ministry added that the plan has 'strong offensive implications' and called it an attempt to 'turn space into a battlefield'.

Golden Dome threatens the effectiveness of Russia's nuclear and conventional forces, particularly during midcourse and terminal phases. Moscow may respond with mobile launch platforms, advanced decoys, and hypersonic glide vehicles.

In August, India's Chief of Defence Staff, General Anil Chauhan, described the Sudarshan Chakra initiative as 'India's own Iron Dome or Golden Dome' during an address in Mhow, stating: 'The aim is to develop a system to protect India's strategic, civilian, and nationally important sites. It will act both as a shield as well as a sword'.

The Strategic Race Continues

Experts have suggested this could be another case where "the US has an idea but China brings it to life". Beijing fields one of the world's largest missile fleets and has taken the lead over Washington in hypersonic missile technology—maneuverable weapons that travel more than five times the speed of sound.

Whether Golden Dome emerges as a credible shield or a catalyst for global instability will depend on development outcomes, strategic choices, and the willingness of states to pursue cooperative governance in space. The initiative highlights the tension between national defence ambitions and the need for international stability in a shared domain.


Sources

  1. Romaniuk, S.N. and Csicsmann, L. (2025, October 6). "Shield or Spark? The U.S. Golden Dome and the New Missile Arms Race." SpaceWar. https://www.spacewar.com/reports/Shield_or_Spark_The_US_Golden_Dome_and_the_New_Missile_Arms_Race_999.html

  2. Chan, R. (2025, September 5). "China Flaunts New Hypersonic Missile for Critical Strikes." Newsweek. https://www.newsweek.com/china-flaunts-new-hypersonic-missile-2124892

  3. Defence Security Asia. (2025, September 29). "China's Hypersonic ICBM Test Shocks the World: Depressed Trajectory and Boost-Glide Weapon Advances." https://defencesecurityasia.com/en/china-hypersonic-icbm-test-depressed-trajectory-boost-glide/

  4. National Security Journal. (2025, May 21). "'Best on Earth': China's Hypersonic Missiles Might Be Unstoppable in a War." https://nationalsecurityjournal.org/best-on-earth-chinas-hypersonic-missiles-might-be-unstoppable-in-a-war/

  5. "DF-ZF." Wikipedia. (Updated October 16, 2025). https://en.wikipedia.org/wiki/DF-ZF

  6. Overt Defense. (2025, January 29). "China Conducted Final Test of Secretive Hypersonic Air-to-Air Missile." https://www.overtdefense.com/2025/01/30/china-conducted-final-test-of-secretive-hypersonic-air-to-air-missile/

  7. Space.com. (2025, September 5). "China shows off advanced hypersonic missiles, ICBMs and drones in military parade (photos)." https://www.space.com/technology/china-shows-off-advanced-hypersonic-missiles-icbms-and-drones-in-military-parade-photos

  8. Liu, X., Fan, W., and Rui, L. (2025, September 3). "YJ-15 missile, YJ-19, YJ-17, YJ-20 hypersonic missiles make debut, demonstrating rich technological paths of China's hypersonic missiles: experts." Global Times. https://www.globaltimes.cn/page/202509/1342509.shtml

  9. South China Morning Post. (2025, September 2). "YJ-19, China's first hypersonic cruise missile, is based on breathtaking science." https://www.scmp.com/news/china/science/article/3324050/breathtaking-science-behind-yj-19-chinas-first-hypersonic-cruise-missile

  10. "YJ-21." Wikipedia. (Updated September 17, 2025). https://en.wikipedia.org/wiki/YJ-21

  11. Brahy, J. (2025, September 30). "China tests its own Golden Dome variant to track up to 1,000 US missiles." Army Recognition. https://www.armyrecognition.com/news/aerospace-news/2025/china-tests-its-own-golden-dome-variant-to-track-up-to-1-000-us-missiles

  12. Sinha, S. (2025, September 30). "China fields missile defense prototype as US drafts Golden Dome plan." Interesting Engineering. https://interestingengineering.com/military/china-moves-before-us-golden-dome

  13. Asia Times. (2025, October 7). "China's missile shield outshining Trump's Golden Dome." https://asiatimes.com/2025/10/chinas-missile-shield-outshining-trumps-golden-dome/

  14. Moukawsher, T.G. (2025, October 7). "China may have beaten US to 'Golden Dome' homeland defense." Newsweek. https://www.newsweek.com/china-may-have-beaten-us-to-golden-dome-homeland-defense-10815039

  15. South China Morning Post. (2025, September 30). "China fields Golden Dome prototype before the US can come up with a plan." https://www.scmp.com/news/china/science/article/3327224/china-fields-golden-dome-prototype

  16. India TV News. (2025, October 14). "China develops global missile defence prototype rivaling US 'Golden Dome': Report." https://www.indiatvnews.com/news/world/china-develops-planet-wide-global-missile-defence-prototype-rivaling-us-golden-dome-says-report-2025-10-14-1012746

  17. Newsd. (2025, October 14). "China's 'Golden Dome': China develops global missile defence system rivaling US." https://defence.newsd.in/global-news/chinas-golden-dome-china-develops-global-missile-defence-system-rivaling-us

  18. Chan, R. (2025, September 5). "China builds own 'Golden Dome' to rival US missile defense." Newsweek. https://www.newsweek.com/china-builds-own-golden-dome-rival-us-missile-defense-2124240

  19. "Golden Dome (missile defense system)." Wikipedia. (Updated October 13, 2025). https://en.wikipedia.org/wiki/Golden_Dome_(missile_defense_system)

  20. Mao, N. (2025, May 22). "China urges US to abandon 'Golden Dome' for global strategic stability." State Council Information Office of the People's Republic of China. http://english.scio.gov.cn/pressroom/2025-05/22/content_117888815.html

  21. Energy Reporters. (2025, September 27). "'Pentagon Officials Call It A Hypersonic Shake-Up': Angry Tortoise Missile Project Aims For Mach 5 On A Fraction Of Usual Costs." https://www.energy-reporters.com/news/pentagon-officials-call-it-a-hypersonic-shake-up-angry-tortoise-missile-project-aims-for-mach-5-on-a-fraction-of-usual-costs/

  22. Bulgarian Military. (2025, March 1). "Hypersonic еdge: US plans big launch in 2025, report finds." https://bulgarianmilitary.com/2025/03/01/hypersonic-%D0%B5dge-us-plans-big-launch-in-2025-report-finds/

  23. Erwin, S. "Hypersonic projects include Conventional Prompt Strike (CPS) and Long Range Hypersonic Weapon (LRHW)." Military Aerospace. https://www.militaryaerospace.com/test/article/55275198/hypersonic-projects-include-conventional-prompt-strike-cps-and-long-range-hypersonic-weapon-lrhw

  24. National Defense Magazine. (2025, July 22). "U.S. Looks to Field its First Hypersonic Weapon, Reenergize Efforts." https://www.nationaldefensemagazine.org/articles/2025/7/22/us-looks-to-field-its-first-hypersonic-weapon-reenergize-efforts

  25. The Defense Post. (2025, June 11). "US Air Force Hints Revival of Troubled AGM-183 Missile Program." https://thedefensepost.com/2025/06/11/us-agm183-missile-revival/

  26. Army Recognition. (2025, May 5). "Analysis | How far have US hypersonic weapon programs currently progressed compared to initial deployment plans?" https://armyrecognition.com/news/army-news/2025/analysis-how-far-have-us-hypersonic-weapon-programs-currently-progressed-compared-to-initial-deployment-plans

  27. USNI News. (2025, May 6). "Report to Congress on Hypersonic Weapons." https://news.usni.org/2025/05/06/report-to-congress-on-hypersonic-weapons-19

  28. Hitchens, T. (2025, June 11). "GAO warns that Air Force's hypersonic cruise missile program is behind schedule." DefenseScoop. https://defensescoop.com/2025/06/11/gao-report-air-force-hacm-hypersonic-cruise-missile-behind-schedule/

  29. Altman, H. (2025, October 15). "US Army's first hypersonic battery to be fully equipped by December." Defense News. https://www.defensenews.com/land/2025/10/15/us-armys-first-hypersonic-battery-to-be-fully-equipped-by-december/

  30. Hitchens, T. (2024, November 22). "Grady: DOD preparing for 'hypersonics 2.0 and 3.0' to understand operational concepts." DefenseScoop. https://defensescoop.com/2024/11/22/dod-grady-hypersonics-2-0-weapons-development-operational-concepts/

  31. Kimball, D.G. (2025, June). "China, Russia Sharpen 'Golden Dome' Missile Defense Critique." Arms Control Today. https://www.armscontrol.org/act/2025-06/news/china-russia-sharpen-golden-dome-missile-defense-critique

  32. Ministry of Foreign Affairs of the People's Republic of China. (2025, May 9). "JOINT STATEMENT by the People's Republic of China and the Russian Federation on Global Strategic Stability." https://www.fmprc.gov.cn/mfa_eng/zy/jj/xjpdelsjxgsfwcxjnslwgzzslqd/202505/t20250509_11617864.html

  33. Reals, T. (2025, May 21). "China says Trump's 'Golden Dome' missile defense plan increases risk of 'space becoming a battlefield.'" CBS News. https://www.cbsnews.com/news/trump-golden-dome-missile-defense-china-russia-reaction/

  34. Xinhua. (2025, May 9). "China, Russia urge nuclear-weapon states to abandon Cold War mentality: joint statement." https://english.news.cn/20250509/9d46edaaf93a4477b217dc0f13b129c1/c.html

  35. Hennigan, W.J. (2025, May 27). "China, North Korea, and Russia's Response to Trump's 'Golden Dome' Proposal." TIME. https://time.com/7288728/golden-dome-trump-north-korea-russia-china-response-space-militarization/

  36. The China Academy. (2025, May 23). "Chinese Experts Dismiss U.S.'s $175 Billion 'Golden Dome' Missile Defense as a Fantasy." https://thechinaacademy.org/golden-dome-trumps-star-wars-2-0-and-chinas-response/

  37. Song, Z. and Liu, X. (2025, May 21). "Chinese FM expresses grave concern over US 'Golden Dome' missile defense system; program violates intl consensus: expert." Global Times. https://www.globaltimes.cn/page/202505/1334566.shtml

  38. The Moscow Times. (2025, August 5). "Russia and China Criticize Trump's 'Iron Dome for America' Plan." https://www.themoscowtimes.com/2025/05/08/russia-and-china-criticize-trumps-iron-dome-for-america-plan-a89023

  39. South China Morning Post. (2025, May 9). "China and Russia accuse US of raising risk of nuclear war and vow to respond to threats jointly." https://www.scmp.com/news/china/diplomacy/article/3309636/china-and-russia-accuse-us-raising-risk-nuclear-war-and-vow-respond-threats-jointly

  40. China News Service (ECNS). (2025, May 9). "China, Russia urge nuclear-weapon states to abandon Cold War mentality: joint statement." https://www.ecns.cn/news/politics/2025-05-09/detail-iherfyrs7209534.shtml

 

[2510.14367] A 2-bit Ku-band Digital Metasurface with Infinitely Scalable Capability

Element structure:(a) RF-DC separation architecture topology; (b) RF part top view; (c) RF part bottom view. [2510.14367] A 2-bit Ku-band Di...