In January 2012, a virus struck JAXA (Japan Aerospace Exploration Agency) computers and sent information from an HTV (H-II Transfer Vehicle) computer to the International Space Station. This was a major advance in cyber warfare, and the culprit is still at large.
Spying on space agencies is not a new phenomenon. Hackers breached NASA many times since the 1990s, the European Space Agency occasionally reports hacker-induced computer interference, and even the International Space Station was a target for cyber-attacks. In recent years, cyber penetration has even affected satellites. Despite worldwide dependency on space systems, their vulnerability to cyber-attacks has not received enough serious attention, and officials still avoid public discussions about their implications.
Over the last thirty years, the presence of military, civilian, and commercial instruments in space increased dramatically. Satellites perform innumerable tasks ranging from mapping, navigation, surveillance, meteorology, space exploration, search and rescue, and communications, and they also play a vital role in peacetime and wartime. In this way, America’s aerospace capabilities are an inseparable aspect of the Revolution in Military Affairs (RMA).
Given the essential role of satellites, the motivation to incapacitate them is extremely high. One way to cripple a satellite is with a “hard kill,” which physically impairs it, causing irreparable damage. Until now, countries have shown restraint from employing this method for various reasons, and only a few countries have this kind of capability. Another way to maim a satellite is with a “soft kill,” which temporarily disables its various systems. Non-democratic regimes often jam satellite signals from the ground in order to block television and military transmissions. Malicious cyberware can also attack satellites. The attack may be soft, but the affect is just as lethal for computers, networks, and electronically integrated systems that operate satellites.
At the start of this decade, there were nearly a thousand satellites in orbit. Of these, 441 belonged to the US, 99 to Russia, and 67 to China (the US has uncontested superiority over China, Russia, and more than fifty other states with assets in space). A large number of satellites come from the private sector, and the use of civilian satellites for military purposes is on the rise.
Civilian commercial satellites are less protected than military ones, partially due to the high cost of security. However, the technical disadvantage of some states has made satellites from more technologically advanced states attractive targets.
Many of today’s satellites are highly vulnerable to attack. Launched years before there was any awareness of the damage that computer hacking could cause, the incentive to invest in defensive measures for these orbiters, excluding military systems, was non-existent. In addition, the aerospace industry is conservative; changes require heavy outlays and take time (for example, training aerospace engineers in systems protection). However, once a satellite is in orbit, technologies and backups can be developed to safeguard the ground station’s computer systems.
Hard in Training, Easy in Battle
The US-China Economic and Security Review Commission submitted a report to the US Congress in November 2011. The report stated that two US Government earth observation satellites, the Landsat-7 and Terra EOS AM-1, encountered interference related to computer breaches in the Command and Control (C2) station in Spitsbergen, Norway. The report also noted that a joint NASA-US Geological Survey using a Landsat-7 satellite experienced two jamming incidents on October 20, 2007 and on July 23, 2008. In both cases, the interference lasted more than twelve minutes. Although jamming did occur, the hackers failed to pass through all the stages necessary to gain control of the satellite.
The second and more interesting case of interference occurred with a NASA Terra EOS AM-1 satellite. The satellite was jammed for two minutes on June 20, 2008, and over nine minutes on October 22, 2008. This time, the attackers passed through all the required stages, but stopped short of actually taking control. NASA acknowledged that jamming took place, but in both cases, the satellites continued to function and no commands were sent to the satellite with the exception of interference, which is a common occurrence in itself.
China was the prime suspect in this incident, not because the hacker’s identity was discovered, but because the techniques employed correlated with official Chinese army publications. The Chinese regard attacks on aerospace systems as an effective way to overcome an enemy’s technological advantages.
This can be carried out by implanting viruses or logic bombs into systems (codes that are intentionally inserted into software systems that cause malfunctions under specified conditions).
As in most cyber-attacks, there is more than meets the eye. It is extremely difficult to prove that the attacks took place, and even more difficult to trace their source and identity. As anticipated, the Chinese vehemently denied the accusations. Some researchers claim that the satellite attacks were merely training exercises, and the jammed satellites were simply easy live targets used to prepare for a real attack.
NASA Under Attack
NASA is keenly aware of the danger in breaches of information systems. In 1999, security analysts simulated a massive incursion into their systems. Employing only commercial software, they were able to break into operational C2 computers and systems that disseminate satellite data. A 2007 NASA report by the internal comptroller warned of the critical challenges facing the security of IT systems. IT vulnerability was identified as the weak link that could jeopardize not only information, but also NASA’s entire operational capability.
Threats are aimed at the organization’s most sensitive data and operational systems that control satellites. Senior NASA officials realize that technology advances pose a growing threat to the organization, and they now define cyber threats as the system’s material weakness (the state in which internal controls prove ineffective).
NASA has taken many steps to strengthen IT security, but the comptroller emphasized that cyber threats against the organization’s computer systems and networks are still “tangible in scope and sophistication.” In 2011, a report acknowledged that the threat to the US space agency had not ceased, “but had in fact, grown more malicious.”
Some satellites were designed long before there was any awareness for the need to protect them in space. Various measures should be taken to guarantee the satellites’ survivability in the event of a cyber-attack. For example, suppliers of satellite services must be aware of the seriousness of the threats, and simulated incursions of ground stations should be carried out regularly to raise the security level. In addition, a permanent dialogue must be established between universities, government bodies, the space industry, and equipment and service suppliers in order to build a database and common language for devising quick solutions in emergency situations.
Satellites vital to daily life, as well as military and intelligence applications, are prime targets for hackers. Fortunately, so far countries have shown restraint in attacking them. The asymmetric nature of cyber space and the ability to conduct an anonymous attack could motivate technologically inferior organizations and states to interfere with advanced states’ satellite systems.
In cyberspace, no system is immune. Satellites and operating systems have to be safeguarded. What holds true for US satellites also holds true for Israeli satellites.