Researchers at the National Security Agency are using artificial intelligence to characterize strange behaviors in small satellites to understand if they’ve secretly been brought under adversarial control.
“We’re looking at a way to characterize telemetry data so that as we deploy new satellites, we can make adjustments,” said Aaron Ferguson, the technical director of the encryption solutions office of NSA’s Capabilities Directorate, said at a Defense One event on Tuesday.
“Now, if you talk to a variety of analysts, and I have at NASA, they’ll say, ‘Oh, we’ve got this under control. We checked the data twice, three times,’ Ferguson said. “But we really don’t know, because there is so much data that they really don’t know if something is going wrong. They’ll say, ‘It’s just orbital debris that bumped into the satellite and knocked it off its trajectory.”
Said Ferguson, most small sats are deployed to a very specific region in low Earth orbit, so those satellites that move outside of that place or that are deployed elsewhere are exhibiting unusual, or anonymous behavior. That behavior could suggest a serious compromise but humans by themselves don’t always notice it and don’t have the capacity to reach a determination quickly, as there is often too much data. “Can we characterize small sat behaviors to be good? Bad, or I don’t know?’” said Ferguson, who emphasized that the effort was not yet a program, but an active experimentation that might one day lead to a program.
Additionally, he said his team was also looking to see “how can we deploy some type of malware to a small sat, through a ground station,” to better judge the threat to small satellites.
Why is that important? If you’ve paid any attention to the military discussion about the use of space over the past couple of years, you’ve probably heard two key points. The first is that the United States is planning to put vast constellations of small satellites in low Earth orbit in the coming years, where they offer new, faster ways for the military to collect intelligence and communicate. You’ve also likely heard that U.S. officials are very worried about new and growing threats to its assets in space. But the vast volume of data coming from small satellites may make it difficult to determine if they’ve been compromised by an adversary.
Satellite Hijacks: a Real Thing
“It absolutely is possible to conduct cyber attacks against satellites,” said Brian Weeden, director of program planning for Secure World Foundation. “Satellites and their ground systems are increasingly just computers running some specialized software, but they often run common OSes like Unix or Linux. They are vulnerable to many of the same cyber attacks as every other computer system out there…You generally need access to a specialized ground antenna and wait for the satellite to pass overhead before sending it commands. But if you can hack into the computers controlling that antenna, then you could be in business.”
So-called “control hacking” of a satellite isn’t as easy as trying to steal someone’s email, but it can be done, according to Bill Malik, the vice president of infrastructure systems at cybersecurity firm Trend Micro. You need to attack either the ground station controlling the satellite, either directly, via a physical attack, or via very special equipment to trick the satellite into mistaking you, the attacker, for the ground station.
Presenting his findings on the topic at the RSA Security conference in May, Malik said there are six known examples of hackers successfully interfering with or even commanding unauthorized maneuvers of NASA satellites before 2011. Five of those took place in relatively quick succession in 2007 and 2008.
Malik said hackers have taken over non-NASA satellites as well. In February 1999, the UK had a network of satellites, called SkyNet. Hackers gained control of one these satellite and moved it, then demanded a ransom, said Malik.
“The threat is clearly growing,” Malik told Defense One in a direct message on Twitter. “First, the cost of jamming and control-takeover technology is dropping, and the benefits to hackers (whether criminals or nation-state actors) is growing. More sophisticated supply-chain attacks could harm food production (by tampering with crop observations — drought (leading to over- or under-watering), insect or blight infestations (leading to incorrect application of pesticides), harvest times (leaving foodstuffs to rot, or be harvested too early (impacting yield and causing price instability in futures markets).”
In the military sphere, a hacker might want control of an imagery microsat to blind it at just the right moment, or disable it completely. In 1998, hackers took control of the U.S.-German ROSAT astronomy satellite and aimed its solar panels directly at the sun, overcharging the battery and rendering the satellite useless.
Small Sats, a Growing Threat Surface?
For the U.S. military’s new Space Command, small, quickly (and cheaply) built satellites represent both an opportunity and a concern.
“There are companies today that are building thousands and thousands of satellites. The capability is operationally relevant,” Air Force Gen. John Raymond, the commander of Space Command, said at the Air Force Association’s annual conference on Tuesday.
“It’s no longer good enough to have a satellite that can survive launch, begin to operate, and survive initial operations. You have to have a satellite that is defendable, and so Space Command will put a sharp focus on that,” Raymond said.
But Malik said satellite makers have yet to get that message, and that will be a big problem as the world relies more on satellites for 5G communications. “I see no evidence of improvement in satellite security to date,” he said over direct message. “One worrying aspect of this blissful ignorance is the increasing role that satellites may play supporting 5G (not for active applications, the distance makes response time goals unachieveable) but for backhaul. Although most of the documentation saying satellites have a role in 5G come from satellite-focused businesses, there is cause for concern that satellite backhaul under 5G will expose data to eavesdropping and possible alteration of corruption.”
The most recent report from NASA’s inspector general emphasizes the gap between the current state of security on many satellites and best practices.
Raymond, asked by reporters whether he was particularly concerned about vulnerabilities in small sats, answered, “Everything has vulnerabilities.”
The solution, he said, is to rely on a more elaborate and diversified architecture of satellites.
“What we are looking at doing is developing not a one-size-fits-all. Having a more of a hybrid architecture, if you will. So a mixture of of larger satellites and smaller satellites,” he said. “We will architecture our systems to make sure that there isn’t one vulnerability that wouldn’t be the Achilles heel.”