SAN FRANCISCO — The revelation that two U.S. environmental satellites were hacked in 2007 and 2008 grabbed the attention of commercial satellite communications providers, who have been urging the U.S. military to buy even more civilian bandwidth and use commercial satellites as hosts for military communications payloads.
Executives are vying for competitive advantage by touting their security measures, even as they voice quiet frustration over their unsuccessful effort to establish a collaborative cybersecurity center that could have alerted them to threats such as those against the Landsat 7 and Terra imaging satellites.
In November, the U.S.-China Economic and Security Review Commission revealed in a report to Congress that unknown hackers breached the command links to Landsat 7, launched in 1999 for the U.S. Geological Survey, and Terra, launched in 2000 to carry a climate-change sensor for NASA.
The commission noted that an attacker who accesses a satellite’s control system can “damage or destroy the satellite.” Independent experts were more specific: Hackers could have turned Terra’s thermal detectors toward the sun, burning them out, they said.
An intruder who managed to hack into a geosynchronous communications satellite might be able to turn off that satellite’s communications to a region or order the satellite to fire its thrusters, bumping it out of its internationally assigned orbit.
In the case of Landsat 7 and Terra, the hackers created highly specialized radio frequency signals and transmitted the signals to the spacecraft from the Svalbard ground station in Norway. They did so on four occasions in 2007 and 2008.
The commission was most specific about the probing of Terra. On June 20, 2008, hackers “achieved all steps required to command” NASA’s Terra “but did not issue commands,” the commission said.
While government and industry officials point out that newer spacecraft have stronger safeguards, the incidents illustrate the determination of hackers and the necessity for the industry to be ready for new tactics.
‘Round-the-Clock’ Collaboration
For executives in the communications industry, the incidents were part wake-up call and part confirmation of a risk they knew was there. In 2009, the U.S. National Security Telecommunications Advisory Committee (NSTAC), a group of executives from across the industry, published a report warning of “unauthorized commanding of or preventing control of routers, switches, servers, databases, or satellite buses.”
The “NSTAC Report to the President on Commercial Satellite Communications Mission Assurance” warned that satellite networks would require special safety measures to prevent hackers from sending false commands, blocking authorized commands or interfering with data transmission from the spacecraft. It was in the same report that NSTAC recommended establishing a joint coordinating center to “share cyber situational awareness.”
Commercial satellite communications companies established a test version of the center in April 2010 as one element of a six-month pilot program aimed at improving all kinds of telecommunications security. For satcom, the industry wanted to assess various methods for “round-the-clock operational collaboration and information sharing” about cyber threats.
Proponents hoped the center would inspire the government to join them in a government-industry partnership, as the military’s use of commercial satellite bandwidth had risen steadily over the decades.
Growing Commercial Clout
Before the 1991 Persian Gulf War, U.S. military satellites provided 80 percent of the bandwidth. The balance has flipped, with commercial satellites now carrying 80 percent of the communications traffic. For forces overseas, the percentage is higher. In 2009, a senior U.S. military officer in Iraq reported that 96 percent of U.S. Central Command’s communications requirements were being met by commercial satellites.
“There is a real concern about protection of that 96 percent of communications going into and out of theater,” said retired U.S. Navy Cmdr. J.J. Shaw, director of North America and global naval programs for Inmarsat Government U.S., which sells services to the U.S. government.
In June, the administration of President Barack Obama published an updated National Space Policy calling for improvements to the “resilience of mission-essential functions” enabled by civilian, commercial, scientific and “national security” satellites.
In November, U.S. government and industry space experts met at the National Defense University to examine the vulnerabilities of those satellites and their ground infrastructures.
“There was a consensus among participants that an attack on space capabilities will almost certainly be preceded by a cyber attack,” said a report drafted by attendees of the conference on Securing Space Assets for Peace and Future Conflict.
The joint coordinating center never got beyond the pilot program stage, however, for reasons that remain unclear.
U.S. Cyber Command officials declined to discuss the joint coordinating center. Industry executives pointed out privately the many obstacles that government and industry face in trying to jointly address evolving cyber threats. Many of the major commercial satellite communications companies are foreign-owned, and only a few top officials in each company possess clearances to participate in secret government briefings on emerging threats.
One industry official noted that even if he learned classified information on the latest threats, he would be unable to share that information with key members of his security staff who do not possess similar clearances.
Escalating Danger
In 2011, IntelsatONE, the terrestrial network that links customers to Intelsat’s geosynchronous communications satellites, identified about 300,000 denial-of-service attacks, said Kay Sears, president of Intelsat General Corp.
Individual hackers are not the only ones targeting communications networks. Criminal organizations break into networks seeking economic gain, and nation-states use cyber attacks to challenge U.S. economic and military might.
The U.S.-China Economic and Security Review Commission noted in its recent report to Congress that “authoritative Chinese military writings advocate attacks on space-to-ground communications links and ground-based satellite control facilities in the event of a conflict.”
The Defense Department and commercial providers are responding to efforts to disrupt military transmissions. Specifically, Defense Information Systems Agency (DISA) officials are scrutinizing the information security measures being taken by their commercial satellite communications vendors.
Corporate security officials are stepping up precautions, paying attention to everything from the guards who patrol their satellite operations centers to the software used to flag unauthorized messages.
Companies also want Pentagon officials to share the latest intelligence on cyber threats, but that is not happening.
“Companies have worried about cybersecurity for a decade,” said Patricia Cooper, president of the Washington-based Satellite Industry Association. “The real game-changer is that the military is putting so much traffic over the commercial systems that the military’s concern about safety, security and information assurance has become a major concern for the satellite operators as well.”
Satellite operators have “invested in databases and analytical tools to assess where spacecraft are, what they see in the space environment, and what kind of interference they experience,” Cooper said. “Success in on-orbit safety will require a strong relationship with U.S. Strategic Command, which hasn’t happened as quickly as some companies would like.”
