Part 3: Assurance and Critical Vulnerabilities. How do government and industry protect their space assets and missions?

The relationship between the U.S. Department of Defense (DoD) and the commercial satellite industry has a unique challenge. The DoD has communications security requirements that go far beyond the needs of commercial customers. These requirements range from the need to protect links from hostile interference (jamming) – a concern commercial customers share – to DoD’s unique expectation for communications that will operate through or recover from a nuclear blast (survivability) and its desire for a low probability of intercept, detection and exploitation.

These requirements have become integral elements of military satellite communications, and encompass the ability of the system to avoid or mitigate degradation, disruption or unauthorized use by an adversary (or, in some cases, problems just caused by the environment).

DoD satellite communications are threatened by a vast array of adversaries, capabilities and effects. In most cases, both military and commercial satellites are vulnerable to the same basic threats. These include electromagnetic and radio frequency interference, electromagnetic pulse and nuclear scintillation, network intrusion and exploitation, physical attack and other aspects of information warfare. Knowing DoD’s reliance on satellite assets (both owned and leased), hostile entities have intentionally tried to disrupt those systems or deny DoD access to them by jamming satellite frequencies.

Due to this threat, many of DoD’s most critical communications circuits have anti- jam characteristics that can be implemented on the satellite, at the ground station or both. However, jam-resistant transponders and satellite modems cost more and require more bandwidth because they normally operate at comparatively lower data rates.

Many military satellites and most commercial satellites remain vulnerable to jamming and more severe threats. This point was clearly stated by the Government Accountability Office (GAO) in its 2002 report, “Critical Infrastructure Protection: Commercial Satellite Security Should Be More Fully Addressed,” which concluded that while protection measures implemented by commercial industry are sufficient for many government applications, they “…lack the security features used in national security satellites for protection against deliberate disruption and exploitation.”

While commercial satellites may lack many of the security enhancements present in military satellites, vulnerability, risk assessment and satellite protection issues are not foreign to the commercial satellite industry. In January 2003, the director of the National Security Space Architect requested that the president’s National Security Telecommunications Advisory Committee conduct a study of infrastructure protection measures for commercial satellite communications systems. The committee’s Satellite Task Force found that while commercial radio frequency links are definitely susceptible to interference, most military networks and satellites are vulnerable to the same threats.

In the years since the publication of the GAO and Satellite Task Force reports, much of the commercial satellite industry has begun to realize the importance of information assurance and protection for their own interests and for continuing business with DoD. Many commercial satellites, and most of those supporting DoD requirements, provide some level of anti-jam and/or geolocation, as well as higher levels of encryption and information protection. In a few isolated instances – commercial mobile satellite services versus military ultra high frequency, for example – the comparable commercial system is more secure. However, this is certainly the exception, not the rule.

Since the publication of the 2002 GAO report and the 2004 Satellite Task Force Report, the commercial satellite communications industry and the DoD have made significant progress in partnering to protect uplinks and downlinks from both unintentional and hostile interference.

For example, there is a new DoD Directive (DoDD 8581.1) that mandates information assurance measures on all space systems used by the DoD (including commercially leased systems). Today nearly all commercial providers have the ability to determine the source of interference and quickly resolve it. The latest version of the Defense Satellite Transmission ServicesGlobal contract requires commercial providers to implement basic protection measures in order to even be eligible for DoD business.

Industry considers “security by diversity” an effective mitigation strategy against many threats. The idea is to remove the incentive to interfere with a satellite (or terrestrial) signal by ensuring that there are enough satellites, transponders and payloads available so that interference with any given link has a negligible overall impact to the whole network. One practical application of “security by diversity” is the traditional response of the commercial satellite industry to interference with a satellite service – namely, the service is moved to an alternate transponder as quickly as practical when persistent interference, regardless of the source, is identified.

Another good example of this “security by diversity” concept is the terrestrial Internet. In most cases, disabling a single Internet router, switch or hub has almost no effect on the overall network because there are so many routers and so many diverse paths through which information can travel, the loss of any given node has minimal impact.

In contrast, military satellite communications do not currently provide similar dynamic routing. Most DoD satellite networks use only four or five satellites to cover the globe. For that reason, jamming a single satellite could disable 20 percent to 25 percent of the DoD’s network, which gives an adversary with hostile intent a tremendous incentive to conduct jamming operations.

“Security by diversity” also provides a unique solution for specialized military missions to this incentive – rather than placing all of its capability on four or five military satellites, the DoD could instead place payloads on multiple hosts. For example, if the DoD met its coverage and capacity requirements with 15 hosted payloads instead of five military satellites, the overall capacity loss to a single disabled payload would be decreased from 20 percent to less than 7 percent.

This is a significant reduction in the incentive to jam a DoD satellite – that is, the “return on investment” is decreased.

This will ideally force the adversary to question whether the time, effort, risk and expense of jamming a satellite is worth the comparatively minimal impact that action will have on the overall network. With this security concept, both the incentive to attack and the impact of an attack are significantly reduced. Of course, as technology matures and jammers proliferate, both the cost and effort decrease, theoretically making jamming a rather simple and inexpensive option. More importantly, if the adversary knows precisely which link or links to jam, the percentage of the overall network being disabled is irrelevant – they can still achieve the same impact.

It is useful to remember that the forerunner of the terrestrial Internet, ARPAnet, was developed in the 1960s specifically to provide a self-healing communications network, which was able to function despite the (presumably nuclear) disruption of individual components. ARPAnet achieved its objective by enabling the routing of traffic among a diverse set of communications nodes.

Theoretically, the more nodes a network has, the better it is able to dynamically reroute traffic and recover from an attack or failure. Given this model, the scale of the commercial satellite fleet is the decisive advantage for a focus on security through diversity in space.

Nearly 300 commercial communications satellites currently operate in geosynchronous orbit, compared to about 20 DoD geosynchronous assets. Some of these commercial satellites are operated by nations or entities for whomDoD traffic is inappropriate. And certainly some DoD assets must be able to withstand nuclear attack.

However, given the scale of its satellite communications needs, the U.S. Department of Defense should consider using commercial satellites in a much more strategic fashion.

Don Brown is vice president for hosted payloads at Intelsat General Corp. U.S. Air Force Maj. Michael Moyles is researching commercial/military communications satellite hybrids at the . This is the third in a five-part series. Readers are encouraged to join the debate at