Space: The last frontier for cybersecurity

The mental images conjured up by Trump’s call for a space force may initially have appeared better suited to the silver screen. But anyone concerned about America’s national security shouldn’t let thoughts of spaceships or lasers overshadow the fact that the United States has significant security interests in space — in the form of our satellites — that we need to protect, especially against cyber threats.

Satellites face many security risks. Perhaps the most obvious threat is physical destruction — either destroying the ground station through conventional weapons or destroying the satellite itself using anti-satellite missiles. Satellites can also be damaged or destroyed using high powered lasers, microwaves or electromagnetic pulses. In other cases, it’s not the satellite’s physical existence that is threatened, but it’s functional one. Jamming or spoofing radio frequency signals can interfere with a satellite’s ability to send and receive data.

{mosads}But one of the most dangerous threats satellites face is from cyber attacks. Satellites offer hackers a variety of access points – including the antennas on both the satellites and the ground stations and the user terminals here on earth. Attacks can range from stealing data to sending fake or corrupt data to a complete shutdown of all the satellite’s operations. Cyber threats are also very hard to detect, and even when discovered, it is difficult to pinpoint and hold responsible the actors behind any attacks.

Policymakers should take note that both the International Space Station and NASA have suffered cyber attacks before. Until 2010, the International Space Station (ISS) was not directly connected to the internet. Nonetheless, both before 2010 and after, the ISS was infected by malware multiple times through astronauts’ infected laptops or USB drives. In 2008, the ISS was infected by a worm called W32.Gammima.AG, a gaming virus intended to collect personal information. Even more alarming, between 2009 and 2011, hackers leaked NASA’s control codes for the ISS, as well as other sensitive data. On several occasions NASA has lost “full functional control” of important systems thanks to targeted attacks.

China, Russia, North Korea and Iran all have advanced cyber capabilities and a history of attacking American assets in the cyber domain. In a 2017 Senate Armed Services Committee hearing addressing adversaries with the capacity to disable satellite constellations, General David Goldfein stated “the two countries that are making the most investment in this area are China and Russia.”

China has already been implicated in several cyber-attacks against U.S. satellites. In 2007 and 2008, suspected Chinese hackers targeted satellites operated by the U.S. Geological Survey and NASA, using a ground station in Norway to interfere with communication for several minutes. An attack where the hackers gained control of systems at NASA’s Jet Propulsion Laboratory was traced to IP addresses in China. And in 2014, hackers attacked the National Oceanographic and Atmospheric Administration’s (NOAA) weather and satellite systems.

China is not a partner at the ISS; no Chinese astronauts spend time there, and cyberattacks are making future prospects of collaboration less likely. American legislation prevents NASA from collaborating with China or any Chinese owned companies, unless specifically granted permission. What’s more, espionage concerns led to a ban on hosting Chinese visitors at NASA facilities.

China isn’t the only country worth keeping an eye on. In 2015, a Russian group of hackers code-named Turla and alleged to have connections to Russian intelligence hijacked unencrypted commercial satellite connections to steal data. And even non-state actors can pose a defense threat. In 2014, then 25-year-old British citizen Sean Caffrey hacked a Department of Defense satellite system, as well as approximately 30,000 satellite phones, stealing the personal data of hundreds of Pentagon employees.

The 2019 NDAA bill passed by both the House and the Senate doesn’t include a space force, although it does call for assessments of potential cybersecurity issues regarding GPS systems and the activities of the International Space Station. The bill does expand the authority of U.S. Cyber Command to respond to any cyberattacks car from Russia, China, North Korea and Iran by taking “take appropriate and proportional action.” Yet there is room to do more — especially to guarantee the cybersecurity of our satellites.

Satellites are a key U.S. interest. This isn’t to advocate for slipshod, overly hasty programs created by alarmist rhetoric. But it is a reality that technological development will not wait for the U.S. military to catch up. If Trump is serious about creating a new branch of the military, then Congress and the DoD need to take a serious look at our current vulnerabilities and the most effective ways to counteract them. In the case of space, the first step for securing American interests may not actually involve launching anything into the blue beyond at all.

Kathryn Waldron is a research assistant at the R Street Institute, a nonprofit group aimed at promoting limited government.