The ability to destroy satellites through cyber exploitation is a reality—and one of the most disruptive threats in the 21st century.
In late 1998, a joint U.S.-German-U.K. X-ray satellite (known as Röntgensatellit [RoSat]) failed. Some analysts believe Russian hackers deliberately destroyed it, although direct evidence is scarce.1 There is no question that a cyber intrusion into the Goddard Space Flight Center servers occurred around the time the RoSat was damaged, even if it is unproven whether the two incidents are connected.2 Though what follows is speculative, the vulnerabilities discussed were identified in the official investigation.3
Sometime in late 1997, a Russian hacker, using a combination of social engineering and a dictionary attack, may have obtained a login and password to an internet-connected file transfer protocol (FTP) server located on the National Aeronautics and Space Administration’s (NASA’s) agencywide mission computer network. To bypass firewalls and cover his tracks, the hacker conducted an FTP bounce scan, which locates servers and hosts within a network that have vulnerable ports. The hacker found a particular server that allowed read and write access to all files contained on the server.
In this case, the Goddard Space Flight Center server managed files associated with the RoSat’s command-and-control systems. Unbeknownst to the RoSat mission team, the hacker changed values in the algorithms used by the system’s star tracker.4 As a result, the RoSat miscalculated its alignment and turned toward the sun, causing overheating. NASA was able to correct for what it believed was an accident. The space agency saved the satellite and salvaged the mission. But the hacker tried again months later, this time changing the code for the attitude-control system. The satellite slewed out of control, pointing the X-ray imager toward the sun and irreparably damaging it.5 The decommissioned RoSat burned up on reentry to the atmosphere in 2011.
Space . . . the Vulnerable Frontier
Reliance on space systems for commercial and military purposes has transformed space into a peculiar domain. Much like the open seas, it is intended for peaceful use but has the potential to become contested at a moment’s notice. For many years, the conventional approach to that contest focused on dedicated programs for developing and maintaining antisatellite (ASAT) weapons to conduct kinetic attacks that would strike a satellite with a warhead or object or directed-energy weapons to degrade or destroy it.6 Both types of attacks require technologically sophisticated elements that only a few advanced nation-states possess. The cyber-attack vector changes that.
A cyber attack can be conducted without a space program or advanced weapons. Nonstate actors (such as independent hackers or terrorists) can launch such attacks. When a space system is degraded or destroyed, it likely is gone forever; there is no readily available repairman (though the Hubble Space Telescope has proved an occasional exception). In essence, a cyber attacker can cause billions of dollars in damage at the cost of changing only a few lines of code—making it one of the most cost-effective forms of potentially lethal attack.
A rational actor will probably employ two fundamental criteria when attacking satellite systems. First, the attack on a satellite system must be isolated and not cause harm to untargeted satellite systems. Second, the attack must be capable of targeting an effective number of satellites simultaneously.
China’s January 2007 ASAT test demonstrates the importance of the first criterion. It is difficult to argue the benefit of kinetically striking a satellite if thousands of pieces of debris are sent hurtling, threatening all satellites in a particular belt—including your own.7 In this domain, a kinetic strike can be a strike against oneself.
As for the second, the U.S. military’s satellite communications architecture makes a good test case. If, for example, an adversary wanted to wipe out the U.S. military’s narrowband communications in a sneak attack, it would have to destroy at least three Ultra-High Frequency Follow-On (UFO) and two Mobile User Objective System (MUOS) satellites in geosynchronous orbits. (This hypothetical space Pearl Harbor does not include the numerous wideband and commercial satellites that would also need to be targeted if the attacker intended to destroy all communications.) Such an attack would take hours and would be overt—and therefore attributable. Only cyber attacks targeting the command and control of multiple satellites would be able to satisfy the first criterion and be covert enough to create the element of surprise.
Russia and China’s well-documented and mature ASAT programs include kinetic and nonkinetic capabilities. Russia has more than 50 years of experience in ASAT, with a specialty in co-orbital attacks, which place weapons in orbit and then maneuver to attack, rather than striking directly from launch.8
Attack Where Your Enemy is Unprepared
SpaceX’s ability to launch payloads for roughly $2,700 per kilogram for low-Earth orbit and $7,500 a kilogram for geostationary transfer has revolutionized satellite possibilities.9 Competitive pricing has resulted in a proliferation of systems—more than 300 satellite launches in 2019, compared with roughly 65 a decade earlier.10 In fact, the next ten years will see SpaceX, OneWeb, Amazon, and others fielding megaconstellations comprising hundreds and thousands of satellites.
But it is not just the surge in satellite services that has made ASAT capabilities so important; space systems are essential to the conduct of modern warfare. More and more commercial remote-sensing and communication services meet ever-increasing demand from nation-state militaries and private security firms. In particular, it is estimated that the U.S. military spends hundreds of millions of dollars through the legacy bulk-purchase system on wideband satellite communication capacity alone.11 One only need conjure the image of the Osama bin Laden raid being watched in real-time by President Barack Obama and others halfway around the world to see the effects of space capabilities on the modern warrior.
This creates a conundrum for the commercial sector, however. If a commercial satellite is being used to aid a nation-state’s military operations, then would not that satellite and its encompassing support structure be considered legitimate military targets? Article IV of the 1967 Outer Space Treaty states that no nation shall put nuclear weapons or weapons of mass destruction in space, but a literal interpretation does not preclude other weapons or the use of satellites for military purposes.12 It would doubtless be a bad look for a country with great-power pretensions to lob missiles at commercial satellites. But a deniable cyber attack removes public-relations complexity from this issue, reducing or avoiding entirely the public outrage that would follow an attributable attack.
To protect against cyber attacks, it is vital to identify the vulnerabilities that enable them. Though many vulnerabilities generally associated with the cyber domain apply, risks in the commercial supply chain deserve special recognition.
Suppose the Navy (or any other defense agency or department) requires some particular satellite remote-sensing data. The Navy outsources its collection to Company X. Company X contracts with Seattle-based LeoStella to build a satellite constellation.13 SpaceX then lifts the satellites into the appropriate orbit for Company X. Finally, Company X relies on teleport company EOS Defense Systems USA for data transmission to ground stations, from which Company X will ultimately push the data to the Navy’s network.14 Suppose, conservatively, that 15 people from each company have some sort of primary exposure to the technical side of the project. Use the rule of thumb of at least two personal computers (even if just to send and read email) per person and one server for every 20 personal computers.
If the assumptions hold, then 60 people, 120 personal computers, and 6 servers will all have data related to this satellite requirement.15 (These assumptions overlook the large number of other people and computing devices potentially connected to the company networks—which could amount to hundreds more people and devices.) The devices are assembled using parts and software from multiple vendors from around the world. It is not difficult to imagine that somewhere in the production chain an undocumented feature could have been embedded as firmware that gives rise to a “zero-day” vulnerability (that is, unknown and therefore undefended against).
One military requirement can have branches on branches of access points for exploitation. Even if every person is as careful and every machine as well-defended as possible, such a vulnerability could lead to something like the suspected RoSat maneuver.
Supply-chain integrity is one of the highest Department of Defense (DoD) priorities. For example, DoD’s Trusted Foundry Program is intended to provide security to the military’s electronic supply chain by certifying trusted suppliers from industry.16 A massive endeavor to secure the digital supply chain in general, Trusted Foundry must be extended to satellite procurement. All space vendors should undergo a rigorous certification process, including standards of integrity for all hardware and software used in the production of a space system. In addition, physical and network security standards should be developed for the telemetry, tracking, and command stations of satellite operators contracted by the U.S. government.
Perhaps the most important ingredient for securing the supply chain would be increased awareness of the cyber threat to satellites, which should dictate careful scrutiny in the cradle-to-grave production of a space system. Whether they destroyed RoSat or not, the cyber attacks on NASA exploited a known type of insecure network configuration. Better network security would have thwarted those hackers, but today’s systems need to go beyond that to secure every link in the supply chain.
Even the possibility that hackers destroyed RoSat represents a cultural shift in the space environment. Bad intentions and bad actors exist, and they appear to have encroached on innocent scientific exploration. The global commons of space are different from the global commons of the sea. Whereas an incident at sea could be isolated geographically, an incident in space—destruction of even a single satellite—could potentially harm anything else in the same approximate orbit. Worse, it is a domain in which lone wolves and peer competitors can both prevail.
Expect them both to devote substantial resources to
doing so.
1. Anthony Watta, “Another Satellite Reentry and Burnup Expected, This One May Have Been Brought Down by Hackers,” wattsupwiththat.com, 16 October 2011.
2. Ben Elgin and Keith Epstein, “Network Security Breaches Plague NASA,” Newsweek, 20 November 2008.
3. NASA Office of Inspector General, Report No. IG-11-017, Inadequate Security Practices Expose Key NASA Network to Cyber Attack, 28 March 2011.
4. RoSat/LEDAS, Electronic Newsletter no. 12, 5 June 1998, web.archive.org/web/20151228232103/http://ledas-www.star.le.ac.uk/rosat-goc/rosnews12.
5. Goddard Space Flight Center, RoSat Wrap Up, heasarc.gsfc.nasa.gov/docs/rosat/taps.html.
6. Todd Harrison, Kaitlyn Johnson, and Thomas G. Roberts, Space Threat Assessment 2019, Center for Strategic and International Studies, April 2019, 3.
7. Harrison et al., Space Threat Assessment 2019, 12.
8. Harrison et al., 12–13.
9. Mike Brown, “SpaceX Starship: Elon Musk Outlines an Ultra-low Price Tag for Launches,” inverse.com, 6 November 2019.
10. Konstantin Kakaes, Tate Ryan-Mosley, and Erin Winick, “The Number of Satellites Orbiting Earth Could Quintuple in the Next Decade,” MIT Tech Review, 26 June 2019.
11. Sandra Erwin, “SATCOM Conundrum: Air Force Contemplating Right Mix of Commercial, Military Satellites,” Space News, 8 November 2017, spacenews.com/satcom-conumdrum-air-force-contemplating-right-mix-of-commercial-military-satellites/.
12. Richard A. Morgan, “Military Use of Commercial Communication Satellites: A New Look at the Outer Space Treaty and Peaceful Purposes,” Journal of Air Law and Commerce 60, no. 1 (1994): 298; Ricky J. Lee and Sarah L. Steele, “Military Use of Satellite Communications, Remote Sensing, and Global Positioning Systems in the War on Terror,” Journal of Air Law and Commerce 79, no. 1 (2014): 106.
13. LeoStella website, leostella.com.
14. EOS Defense Systems website, www.eosdsusa.com/eos-space-technologies/.
15. Applied Computer Research, “Identifying IT Markets and Market Sizes by Number of Servers,” itmarketintelligence.com, 2011.
16. John Keller, “IBM to Provide Trusted and Secure Integrated Circuit Manufacturing to U.S. Military in $275 Million Deal,” Military and Aerospace Electronics, 22 May 2019, militaryaerospace.com.