The US Air Force in April this year organised a hackathon to test the vulnerabilities of its military satellites in orbit. The competitors were asked to hack into an actual US satellite orbiting the earth, during Defcon, one of the world’s largest hacker conferences.
The finale for the satellite hacking challenge, which offered hefty cash prizes, was held virtually to expose cyber-security issues and vulnerabilities in space assets and ground control systems.
“We need to embrace this external community to help us understand how to use … bug bounties and hacking events to deal with security issues before we take (systems) onto the battlefield,” Will Roper, the Air Force’s assistant secretary for acquisition, technology and logistics told reporters in May.
The pace at which the cyber-security and electronic warfare capabilities of different nations and non-state actors are advancing poses a monumental challenge to owners of the space assets in orbit. Taking control of a satellite by rogue elements could have dire consequences.
Interfering with control systems of a satellite could render it non-functional in orbit, or even deny access to its services. The possibilities involve jamming or spoofing the signals from satellites, destroying critical infrastructure such as electric grids, water networks and transportation systems.
Some satellites make use of thrusters to manoeuvre in orbit and to change speed, which if tampered with can alter the course of the satellite and send it crashing down to earth. These steerable satellites have most vulnerabilities, most disastrous of which could be using it as a weapon to destroy adversarial assets, such as another satellite, in space.
The country’s possessing assets in space, particularly, the US, China and Russia, are increasingly worried about conflicts in space, where their vulnerabilities could be exploited.
China and Russia are believed to be working on the development of directed-energy weapons, signal jammers, anti-satellite missiles, satellites that can go close enough to other satellites in orbit and robotically mess with them, and, yes, cyber skills.
Experts warn the threats of satellite hacking are growing with increasing cyber warfare capabilities and the global arms race. The Defence One portal quoting Brian Weeden, Director of program planning for Secure World Foundation, said:
“Satellites and their ground systems are increasingly just computers running some specialized software, but they often run common OSes like Unix or Linux. They are vulnerable to many of the same cyber attacks as every other computer system out there.”
“You generally need access to a specialised ground antenna and wait for the satellite to pass overhead before sending it commands. But if you can hack into the computers controlling that antenna, then you could be in business,” he added.
The portal quotes Bill Malik, the vice president of infrastructure systems at cybersecurity firm Trend Micro, saying:
“So-called “control hacking” of a satellite isn’t as easy as trying to steal someone’s email, but it can be done. The hackers can easily get into the systems of the ground station controlling the satellite, after which gaining access to the satellite is a cakewalk, the experts believe.
The US intelligence agencies estimate that there were six known examples of hackers successfully interfering with or even commanding unauthorised manoeuvres of NASA satellites before 2011, many of which took place in 2007 and 2008.
Recognising these challenges, the White House last month issued directions to satellite makers and operators to harden their spacecraft against hackers and hijackers.
The directive asks the makers to design their hardware and software so that operators can monitor and adapt to “activities that could manipulate, deny, degrade, disrupt, destroy, surveil, or eavesdrop on space system operations.
The directive urges the manufacturers to ensure they also have plans and tools in place to recapture control of satellites that get jammed, spoofed, hacked, or hijacked. It also asked satellite makers and operators to also better manage the security of ground stations and address “supply chain risks that affect cybersecurity of space systems.”
Satellite hacks in the past
A US-German ROSAT X-Ray satellite was rendered useless in 1998 when hackers took control of the craft, directing it to aim its solar panels directly at the Sun. They managed to hack the satellite by getting into computers at the Goddard Space Flight Center in Maryland. The satellite’s batteries were fried and it eventually crashed back to Earth in 2011.
In 1999, the hackers took control of the UK’s SkyNet satellites and asked the government for ransom.
In 2007-08, the US Air Force accused Chinese hackers of using the connection from a ground station to affect the operation of the earth observation Landsat 7 and Terra (EOS AM-1) satellites. The Chinese government was suspected of sponsoring the hackers trying to find out how vulnerable the satellite control systems were to cyber-attack.
The Chinese hackers were again alleged to have been involved in a 2014 US weather systems and satellite network tampering. The hackers reportedly breached the federal weather network recently, forcing cybersecurity teams to seal off data vital to disaster planning, aviation, shipping and scores of other crucial uses.
The Chinese government officials denied any involvement in the incident.
The Chinese were suspected to have been also involved in the interception of a conversation happening through video chat via satellite, of a high-profile Indian government meeting in October 2017. The hackers continued to intercept the link for almost 4-5 minutes before a counter-offensive was launched to neutralise it, the Indian media reported.
However, hacking into space objects is not the same as hacking web systems. To successfully master a space system hack, one needs at least a basic understanding of things like orbital mechanics, ground stations functioning, the complex radio-frequency protocols, and more importantly, knowing what circuit board side of a satellite actually looks.
Launching such a daunting hack is, therefore, not everybody’s cup of tea.
Today, numerous countries possess capabilities that could be used against space systems; however, there is limited evidence of cyber attacks in the public domain. The nations like the United States, Russia, China, North Korea, and Iran are known to have the capabilities to engage in offensive cyberattacks against non-space targets.
Although the efforts to address space cybersecurity are gaining momentum, the pace is still slow. The electronic warfare analysts lament the lack of any cybersecurity standards for satellites, with no governing body to regulate and ensure their cybersecurity. The responsibility for cyber safety of the satellites currently falls on the individual companies that build and operate them.
Satellites are becoming more and more important for the modern world, and their presence in lives is becoming indispensable.
The defence networks, such as the US defence and intelligence operations almost wholly depend on satellites today. From imaging and surveying every part of the earth, ensuring global communications, helping in transportation and tracking of ships and planes, gathering weather data, to providing location, timing, and navigation information, satellites are infiltrating every part of human functioning.
It’s safe to say the modern world can’t function without the operation of satellites. And their number is increasing around the earth every year, and so is their role in our lives.