Chapter 14

Satellite Cyber Attack Search and Destroy

Jeffrey Bardin, Treadstone 71 LLC

This chapter discusses satellite cyber attacks with regard to hacking, interference, and jamming. For the last several years, we have been notified that sunspot activity could disrupt Earth’s communications. In fact, there have been numerous cell phone outages due to sunspots. This disruption has a significant impact on the daily life of humans on this planet. Nearly all disruptions we have experienced have been the result of natural acts. Imagine if someone had the capability to hack a satellite. This type of activity appears in movies: Hackers release malware installed on a system that modifies the geographic positioning system of oceangoing oil tankers. Although this scenario may be unrealistic, the impact should it occur would be extremely high. Whether the result is an environmental disaster, total disruption of command-and-control of a military operation, or massive outages of satellite connectivity during the Super Bowl, the impacts would be significant relative to sunspots.

Keywords

satellite; cyber attack; search and destroy; encryption; hacks; interference; jamming; threats; communicating; cyber security

In the movie Enemy of the State, satellites play a vital role in making the viewer believe in the ultimate power of the National Security Agency (NSA). Satellites are repurposed and moved around the sky in moments. They peer down from the heavens tracking the hero’s movements, able to determine tiepin logos and license plate expiration dates. Viewers are made to believe that satellites are God-like, roving the atmosphere, seeing everything we do. The NSA does employ satellites for signals and other intelligence; however, it is the National Reconnaissance Office (NRO) that normally owns and operates U.S. spy satellites. The closest Hollywood has come to reality in spy satellites was during the movie Patriot Games when Harrison Ford had to look at images through a microscope trying to ascertain the identity, much less the gender, of people in the photographs. Grainy images with shadows that look like other images are more in line with reality.

When thinking of satellites, thoughts often drift to Hollywood’s images and the surveillance aspects of their capabilities. However, satellites play many roles in society. They provide methods for communication and remote sensing of critical infrastructures, deliver global positioning systems for navigation, keep us occupied with broadband for entertainment, and support mechanisms for videoconferencing and telemedicine. We never see them, but they are essential components in daily human activity. According to the Satellite Industry Association, nearly 37% of all operational satellites are used for business communications. Civil communications account for 11%, military communications for 9%, military and surveillance 9%, navigation 8%, remote sensing 9%, and meteorological 4%. The Satellite Industry Association also maintains information on world satellite industry revenue. Satellite growth increased significantly between 2005 and 2011, averaging 11% per year. The Satellite Industry Association states that satellite services continue to represent the single largest industry sector, driven by satellite-TV growth at around 10% [1]. Space launch industry and satellite manufacturing revenues reflect a history of aggregate growth with yearly fluctuation, while ground equipment revenue growth reflects slight but relatively consistent year-on-year consumer and network equipment sales. It is safe to say that satellites play a prominent role in everyday life.

Very Small Aperture Terminals (VSATs) are prevalent in everyday lives. They consist of a parabolic dish and associated hardware and software. The purpose is to send and receive (uplink and downlink) signals via a satellite. They dot the landscape on homes, recreational vehicles, and boats. Human reliance on satellites is growing at an exponential rate. As with any growing commercial opportunity, security is less than the primary concern. Economics drives the opportunity.

1 Hacks, Interference, and Jamming

April of 2007 started a series of issues with satellites. Tamil rebels in Sri Lanka were accused of hacking the Intelsat satellite positioned over the Indian Ocean for communicating propaganda [2]. Intelsat responded, indicating this to be a case of signal piracy (not hacking) that would not be tolerated. In a response to the Intelsat press release, the Tamil Tiger rebels indicated that they were not accessing the satellite illegally and that therefore no signal piracy had occurred. The rebels intimated a relationship with the service provider for the satellite but would provide no further explanation [3].

In 2007, the media reported that NASA satellite Landsat-7 used for ground mapping was hacked, experiencing 12 minutes of interference [4]. The same article goes on to state that in 2008, another NASA satellite, Terra AM-1 was hacked for 2 minutes in June and for 9 minutes in October. The problem with the articles and subsequent follow on by the media as well as the NASA Office of Inspector General is the depiction that the satellites were hacked. These two events were not cyber-related events but events characterized by the interference and jamming of radio signals in order to disrupt satellite send and receive transmissions. The point to be made here is that this had nothing to do with cyber security but rather with traditional satellite communication protocols using radio transmissions.

Recently, there have been writings on the Internet of the potential for hacking NASA satellites to access the Curiosity land rover on Mars. Although this is pure speculation, much discussion has occurred due to the subject. The initial topic focused on the pushing of updates to change Curiosity’s payload. The idea would be to intercept or to mount a man-in-the-middle attack against communications between satellites and the rover. Although highly unlikely, the impact would be significant should such an activity occur. It highlights a renewed focus on satellites as objects for disruption of command, control, communications, and computers. The Jet Propulsion Laboratory (JPL) in Pasadena, California, houses the scientists, engineers, specialists, and mission control center for Curiosity. NASA missions employ a highly compartmentalized framework for computer systems tied to the mission. They are self-contained systems located in self-contained buildings running variations of operating systems or operating systems created specifically for the mission at hand, operated by personnel vetted on several levels. Once a configuration of the operating system, firmware, or other related software is proven to work per the specifications of the designers and engineers, the configuration is locked down as a module ready for execution. It is highly unlikely that a hack or intercept of the encoded transmission between JPL mission control in Pasadena and the Curiosity rover on Mars could occur. Such an unlikely occurrence would have an enormous impact on the mission. But the mission of discovering life on another planet is hardly a target for exploitation that a foreign intelligence service would undertake. It is more likely that a foreign intelligence service would target earth-born operations.

In October 2011, Creech Air Force Base was the subject of a malware attack on the Predator and Reaper drones. It was reported that a keystroke logger infected the ground control stations for drones operating in the Afghanistan theater. The malware proved to be a resilient strain that continued to reoccur after multiple system cleanings. The malware was most likely created by a foreign nation-state intent on learning as much information as possible about the United States’ drone activities. What was not stated in the press is the fact that the 30th Reconnaissance Squadron of the United States Air Force operates out of Creech AFB. This is significant since this squadron operates the RQ-170 Sentinel UAV, the same UAV captured by Iran a mere two months after the keystroke logger event at Creech AFB. In what could be termed a coincidence, Iran stated that its Army’s electronic warfare unit had downed an RQ-170 violating Iranian airspace by overriding the UAV’s controls. An Iranian engineer later stated that Iran used GPS coordinate spoofing, fooling the UAV into thinking it was landing at an air base in Afghanistan. The Iranian engineer further claimed that it was quite easy to exploit the navigational weakness in the drone system. It is possible that signal jamming of the encrypted channels used by the military forced the UAV to revert to a communications failover process that used unencrypted methods to communicate [5]. Once the failover took place, Iranian engineers were able to manipulate the drone GPS. If the Iranian claim of control override is true, the keystroke logging event at Creech AFB takes on new meaning for cyber security surrounding ground control stations for satellite-based weapons systems. Unsubstantiated claims of Russian or Chinese intelligence services actually executing the keystroke logger and subsequently the downing of the RQ-170 become a potential premise that should be explored further.
It demonstrates the need for improved cyber security measures for each component of the satellite command and control ecosystem. It also demonstrates that traditional cyber security countermeasures are not sufficient to prevent penetration or malware infection, or both. In most cases, ground control stations are air-gapped from other networks. Air gapping is a method of security control that delivers network compartmentalization, keeping all networks and devices not required to operate, manage, monitor, and/or control a sensitive system entirely separate. This is usually accompanied by stringent rules related to the use of removable media. It has been intimated that infected nonauthorized hardware was attached to the air-gapped system, providing for the infection of the target ground control stations. Malware of this type with a keystroke logger payload is used for cyber intelligence collection for later disposition and cyber countermeasures to be deployed by the initiating entity. The ability for the malware to communicate data collection efforts back to a collection hub also requires additional review since the methods of cyber security detection are often devised to keep perpetrators out, and not to prevent them from leaving as an additional level of security. It is interesting to note that a 2002 GAO report specifically warned of spoofing as a content-oriented threat for commercial satellites and the unauthorized modification or deliberate corruption of network information, services, and databases, including malicious software implanted into computer systems referencing ground control stations as a target [6]. Just under 10 years later, we have experienced exactly what the GAO warned against.

In June 2012, a group of researchers at the University of Texas at Austin used the spoofing method described by the Iranians to hack the GPS system of a drone. This demonstrates the viability of the claim and presents another issue for concern: Adversaries have the ability to both commandeer and use the drones as flying missiles whether armed or not. The cost to spoof the drone was reported to be in the range of £700 or about $1100. This ratio of cost to the potential impact is a cornerstone of asymmetric warfare exhibited by Al-Qa’eda on 9/11. Questions over what security controls were or were not in place continue as U.S. military authorities maintain a tight lid on the exact problems and remediation methods employed since the downing of the RQ-170. Additional rumors surfaced that Iran overrode the RQ-170 self-destruct capabilities, while others have claimed no such capabilities exist on the drone.

A few years ago, a $29 program called SkyGrabber (as shown in Figure 14.1) made the news. SkyGrabber allowed interception of packet radio service from a laptop connected to a small satellite. Insurgents in Iraq (as shown in Figure 14.2) were using and training others to use the SkyGrabber software to intercept satellite and small drone communications used to scout positions of enemies prior to special forces or military activities in that particular area. Insurgents were able to intercept these communications with the $29 program largely because of lack of security over the communications between satellite and drone. This flaw was actually well known by the designers of the system. They did not apply the appropriate security controls because applying encryption to the process slowed the communications down to the point where they thought it was not effective. Regardless of their decision, insurgents intercepted this information for quite some time before being discovered. SkyGrabber uses what is called general packet radio service or GPRS. GPRS is a nonvoice service that is added to networks over 2.5- to 3-gigabit wireless communications. Consumers know this as 3G or 4G speeds [7]. The service uses IP transmissions to its advantage. Because Internet Protocol (IP) traffic is made of packets, the network does not need to have continuous data transmission. Each channel is divided into eight timeslots, with a maximum data transmission of 13.4 kb per second. One of these timeslots is used for control, and normal allocation reserves two slots for voice traffic as well. Asymmetric traffic (more downloads than uploads) dictates the distribution of the remaining timeslots.

Figure 14.1 Jihadist use of SkyGrabber.

Figure 14.2 SkyGrabber.

Requests are sent via the LAN connection, while responses are received from the satellite; since requests are usually small and responses are large, a narrowband connection is quite enough for requests. At the same time, responses were received at a high rate of 4 MB per second, which makes working with the Internet comfortable. If there is no encryption, it is open for interception. When the activity of the insurgents using SkyGrabber was made public, many pundits and even cyber security professionals called this interception hacking. What needs to be understood is that this was not a hack since there was, in fact, nothing to hack. Without encryption, the communication mechanism is open for interception. Hacking refers to the reconfiguring or reprogramming of the system to function in ways not facilitated by the owner, administrator, or designer. The term has several related meanings in the information technology industry. A hack may refer to a clever quick fix to a computer program problem or to what may be perceived to be a clumsy solution to a problem. The terms hack and hacking are also used to refer to a modification of a program or device to give the user access to features that were otherwise unavailable, such as do-it-yourself circuit bending [8]. It is from this usage that the term hacking is often incorrectly used to refer to more nefarious criminal uses such as identity theft, credit-card fraud, or other actions categorized as computer crime. Since there is a distinction between security breaking and hacking, a better term for security breaking would be cracking [8]. As we already know, responses are received from the satellite. However, the satellite cannot send data specifically to a particular user and so instead sends data to all dishes that receive a signal from it. Therefore, if you have the proper equipment, the signal is just waiting in the airwaves to be had.

As already surmised, positioning a small satellite dish is not enough on its own: the dish will receive a signal with the same data that other satellite dishes receive, but the question remains as to how to extract data from the intercepted signal. That is the purpose of the SkyGrabber program. The program captures what other satellite dishes download and saves the captured information to a laptop. Internet access is not required for this interception. The satellite dish needs to be rotated toward the provider, and the SkyGrabber program, with some configuration, will perform the data extraction. If the transmission is encrypted or encoded, the data extraction is prevented.

As with any information technology, information security and information assurance need to be built in from the beginning. Cyber security professionals have been stating this for years. Regardless, it seems that in the satellite industry as in many others, information security controls will not be built in until such time as a painful breach has occurred. This has been the standard mode of operation for designers, developers, and engineers for years.

Identifying Threats

In 1998, when Presidential Decision Directive 63 was originally issued, satellites were not included in the nation’s critical infrastructures. This was seen as a significant oversight in the satellite industry. The General Accounting Office (GAO) report in 2002 referenced issues concerning security around satellites and covered several different areas concerning security. The GAO report covered secure data links and communication ground stations. The report also discussed issues surrounding the use of satellites that have certain security controls especially established to enhance the availability of the satellite. Since the release of that report in 2002, much has been done to bolster the security of satellites. Satellite systems consist of ground stations, tracking and control links, which are referred to as tracking, telemetry, and control (TT&C) links, data links, and satellites. The GAO report examined unintentional threats to commercial satellite systems and divided the threats into three different areas:

1. Ground-based threats

2. Space-based threats

3. Interference-oriented threats [6]

Examples of the ground-based threat could be naturally occurring ones such as acts of God, earthquakes, hurricanes, tornadoes, and floods. Space-based threats could be related to solar activity, different temperature variations, and different types of space debris as more countries launch satellites. Interference-oriented threats to commercial satellite systems focus more on information technology. This deals with unintentional or intentional human interference caused by terrestrial and space-based wireless systems or computer systems intended to cause harm. The interference- and content-oriented threats that are intentional threaten commercial satellite systems with malicious software, denial-of-service attacks, distributed denial-of-service attacks, service moving data interception, and potential man-in-the-middle attack methods. This includes the jamming of communications between ground stations and satellite systems. Over the years, the United States government has worked to ensure the confidentiality, integrity, and availability of satellite systems, although the focus on security is limited based on risk. The likelihood of such an attack has not been high, although attacks are increasing each year as more attention is given to satellites. Since the attacks have not been of paramount concern, satellite-related cyber security controls have been limited in scope and function. It is probable that security controls will increase directly with the increase of threats and validated exploitation.

Communicating with Satellites

There are several methods for communicating with satellites. Many commercial satellites use baseband signals, a method that allows for only one car on the road at a time, so to speak. Only one transmission, either from the ground station to the satellite or from the satellite to the ground station, can occur at a time. Direct broadcast satellite (DBS) service is familiar to consumers. DBS is used by vendors such as DISH and DirecTV. DBS transmissions use various methods to secure the data transfer:

• Basic Interoperable Scrambling System, usually known as BISS, is a satellite signal scrambling system developed by the European Broadcasting Union and a consortium of hardware manufacturers. Prior to its development, “ad-hoc” or “Occasional Use” satellite news feeds were transmitted either using proprietary encryption methods (PowerVu) or without any encryption. Unencrypted satellite feeds allowed anyone with the correct equipment to view the program material.

• PowerVu is a conditional access system for digital television developed by Scientific Atlanta [1]. It is used for professional broadcasting, notably by Retevision, Bloomberg Television, Discovery Channel, AFRTS, and American Forces Network. PowerVu is also used by cable companies to prevent viewing by unauthorized viewers. PowerVu has decoders that decode signals from certain satellites for cable distribution services. These decoders can also be used just like the FTA (Free-To-Air) satellite receivers if properly configured. PowerVu is considered highly secure since it uses a complicated system to authorize each PowerVu receiver and trace its history of ownership and usage. Most PowerVu users are professional cable or satellite companies, using the service and equipment for signal redistribution, because regular users cannot afford it. On March 10, 2010, the hacker called Colibri published, following previous work done in 2005, a cryptanalysis of a PowerVu system implementation. The hacker described a flawed design that can be used to gain access to the encryption keys and ultimately decrypt the transmitted content.

• DigiCipher 2, or simply DCII, is a proprietary standard format of digital signal transmission and encryption with MPEG-2 signal video compression used on many communications satellite television and audio signals. The DCII standard was originally developed in 1997 by General Instrument, which is now the Home and Network Mobility division of Motorola [9]. The original attempt for a North American digital signal encryption and compression standard was DigiCipher 1, which was used most notably in the now-defunct PrimeStar medium-power direct broadcast satellite (DBS) system during the early 1990s. The DCII standard predates wide acceptance of DVB-based digital terrestrial television compression (although not cable or satellite DVB) and therefore is incompatible with the DVB standard [9]. The primary difference between DigiCipher 2 and DVB lies in how each standard handles SI, or System Information. DigiCipher 2 also relies on the fact that its signals must be understood in terms of a virtual channel number in addition to the DCII signal’s downlink frequency, whereas DVB signals have no virtual channel number [9]. Approximately 70% of newer first-generation digital cable networks in North America use the 4DTV/DigiCipher 2 format. The use of DCII is most prevalent in North American digital cable television set top boxes. DCII is also used on Motorola’s 4DTV digital satellite television tuner and Shaw Direct’s DBS receiver [9].

Scrambling and de-scrambling equipment for cable and satellite televisions has been the norm for over 30 years. The solutions have evolved over the years to more advanced solutions for DBS.

There are other encryption methods for DBS such as the use of smart cards allowing a single user to access television shows based on the smart card, receiver hardware, and associated software that securely and accurately identifies the users and their individual subscriptions. This is truly commonplace in the commercial market. Advances have been made to incorporate the Advanced Encryption Standard (AES) in satellite transport networks, providing much greater security using encryption keys. Regardless of the security solution in use, the intent is to protect pay-TV signals enforcing subscription-based access to available programs.

Improving Cyber Security

According to a 2009 report from IGI Global written by Marlyn Kemper Littman titled “Satellite Network Security,” satellite transmissions are subject to lengthy delays, low bandwidth, and high bit-error rates that adversely affect real-time, interactive applications such as videoconferences and lead to data corruption, performance degradation, and cyber incursions [10]. Littman goes on to say that multiple layers of security covering all aspects of the satellite’s ecosystem are needed to adequately protect satellite networks. This includes policies and legislation requiring minimum necessary security protocols and standards. The Defense Information Systems Network (DISN) Satellite Transmission Services Global (DSTS-G) Performance Work Statement states that:

DODD 8581.1E requires that commercial satellites used by the Department of Defense employ NSA-approved cryptography to encrypt and authenticate commands to the satellite if supporting Mission Assurance Category (MAC) I or II missions as defined in DoD Directive 8500.1. While NSA approved cryptography is preferred for satellites supporting MAC III missions, cryptography commensurate with commercial best practices is acceptable for encrypting and authenticating commands to satellites that only support MAC III missions.

The change in cryptography requirements is for commercial interoperability with DOD satellite systems. These changes went into effect in 2005 and represent a shift to encrypt using the latest technologies transmitted over higher bandwidth, using mission-specific data networks. The change also calls for continued modifications to the security environment as new threats appear and new solutions are available. The cryptography requirements directly align to the Satellite Internet Protocol Security or SatIPSec initiative from 2004. This protocol provides for encrypted transmissions using a standard symmetric method that clearly identifies the sender and receiver. SatIPSec used in conjunction with the Satellite-Reliable Multicast Transport Protocol (SAT-RMTP), which provides secure transmission methods for audio and video files, enhances the satellite ecosystem security posture.
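The following Python example is added here and is not taken from the chapter, from DSTS-G, or from any satellite vendor. It illustrates the "authenticate commands to the satellite" half of the requirement quoted above: the receiver rejects commands that are altered, replayed, addressed to another satellite, or sent without an authentication tag. The frame layout, the satellite addresses, the key and the command strings are assumptions constructed for illustration; HMAC-SHA256 from the standard library stands in for approved cryptography, and payload encryption is left out.

```python
import hashlib
import hmac
import struct

# Assumed frame layout (constructed for this example, not a real TT&C format):
#   satellite address (uint32) | command counter (uint64) | payload length (uint16)
#   | payload | HMAC-SHA256 tag computed over header + payload
HEADER = struct.Struct(">IQH")
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


def build_command(key, sat_addr, counter, payload):
    """Ground-station side: frame a command and append its authentication tag."""
    header = HEADER.pack(sat_addr, counter, len(payload))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class CommandReceiver:
    """Satellite side: accept only fresh, authentic commands for this unit."""

    def __init__(self, key, sat_addr):
        self.key = key
        self.sat_addr = sat_addr
        self.last_counter = 0  # highest command counter accepted so far

    def accept(self, frame):
        """Return (status, payload); payload is None unless status is 'accepted'."""
        if len(frame) < HEADER.size + TAG_LEN:
            return "truncated", None
        sat_addr, counter, length = HEADER.unpack_from(frame)
        body_end = HEADER.size + length
        # The declared payload length must account for every byte of the frame.
        if len(frame) != body_end + TAG_LEN:
            return "bad_length", None
        expected = hmac.new(self.key, frame[:body_end], hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(expected, frame[body_end:]):
            return "bad_tag", None
        # Header fields are trusted only after the tag has verified.
        if sat_addr != self.sat_addr:
            return "wrong_address", None
        if counter <= self.last_counter:
            return "replay", None
        self.last_counter = counter
        return "accepted", frame[HEADER.size:body_end]


def demo():
    """Run constructed frames through one receiver and return each status."""
    key = bytes(range(32))       # constructed demo key, not a real key
    sat_a = 0x5A7E0001           # constructed satellite address
    sat_b = 0x5A7E0002           # a second constructed address
    rx = CommandReceiver(key, sat_a)

    good = build_command(key, sat_a, 1, b"SET_MODE SAFE")
    tampered = bytearray(build_command(key, sat_a, 2, b"SET_MODE SAFE"))
    tampered[HEADER.size] ^= 0x01                      # flip one payload bit
    misaddressed = build_command(key, sat_b, 3, b"SET_MODE SAFE")
    untagged = HEADER.pack(sat_a, 4, 40) + b"X" * 40   # cleartext, no tag
    later = build_command(key, sat_a, 5, b"SET_MODE NOMINAL")

    frames = [good, good, bytes(tampered), misaddressed, untagged, later]
    return [rx.accept(f)[0] for f in frames]


if __name__ == "__main__":
    print(demo())
```

Because a rejected frame never advances the counter, an interfering sender cannot push the receiver out of step with the legitimate ground station.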

There are several areas for improvement in satellite cyber security. As with many commercial ventures, the sharing of information is limited due to the potential for leaking intellectual property or proprietary processes, procedures, and methods. The information and cyber security industry is rife with examples of limited information sharing. Most companies are reluctant to share information on breaches due to the potential embarrassment public awareness could bring. What is missed is the opportunity to share remediation strategies and information on the attacker. This actionable intelligence could prevent other organizations from suffering the same fate. Methods of remediation that are successful should be shared across the satellite industry and within federal and state governments. The opportunity to share effective security practices could vastly improve satellite cyber defenses. Information sharing coupled with the appropriate education and awareness-raising efforts for the satellite industry is an effective method of propagating actionable intelligence.

Until recently, organizations did not agree on what represented an attack. The underlying issue is the use of a common taxonomy relative to satellite security. Incorporating already defined words, phrases, and concepts from the information security community can and will speed up the adoption and integration of a common book of knowledge (CBK) surrounding satellite cyber security. Just as Web sites and applications on the Internet are subject to continuous probes, scans, denial of service, and distributed denial-of-service activity, the satellite industry faces continuous intentional interference and jamming. The satellite industry could learn how to adopt methods of interference and jamming prevention by incorporating proven principles and methods achieved over years of parallel activity on the Internet. Additionally, organizations managing satellites need to distinguish between advertent and inadvertent events and events that are intentional and unintentional. The data points gathered by the scores of government and commercial satellite organizations worldwide could be organized into information that is analyzed for links, tendencies, and trends to help devise ever-changing defenses to transmission penetration and jamming. The underlying premise is information sharing for the benefit of nonhostile entities to improve their defensive, preventive, and even predictive countermeasures through intelligence analysis of satellite-specific data points using proven methods in cyber security. An organization such as the National Council of Information Sharing and Analysis Centers (ISAC) could sponsor or propose an ISAC specific to the satellite industry adopting proven methods across the member ISACs to assist in information-sharing activities.
The Communications ISAC could further expand into the satellite industry with very specific goals, emphasizing sharing information used to mitigate and prevent typical satellite-related impacts to confidentiality, integrity, and availability.

Many members of the cyber security industry may overlook the physical security aspects of satellite security. Like any centralized management function, satellite monitoring and maintenance is performed from a ground location. Data centers require hardened perimeters and multiple layers of redundancy. Satellite ground control stations require the same level of attention to security detail. These facilities should have standardized CCTV and access control methods. Security guards performing 24×7 monitoring and response and employee training and awareness programs must be in place. Many ground control stations are not equipped to withstand electromagnetic plus radiological fallout, or instances of force majeure. They lack what many in the information technology industry would term standard requirements for availability. Furthermore, many ground control stations are within proximity of public areas, providing potentially easy access for those with malicious intent. Standards for the continuity of operations for ground control stations should include conditioned and generated power, as well as backup locations in varied geographic locations with an inventory of equipment available in case of an incident. Ground control centers should also practice disaster recovery and business continuity through regularly scheduled exercises. The points mentioned herein are standard functions of an information technology data center that can and should be applied to the satellite industry. All ground control stations should have centralized and backup network operations, security operations, and satellite operations centers integrated into a cohesive monitoring and data-sharing environment.

Several “anti” solutions should be tested and embedded in each satellite’s ecosystem based on risk. Sensitive or military satellites should be required to consistently and continually provide antijamming, antispoofing and antitampering capabilities that can be monitored by the ground control station. Ground control stations need to be outfitted with prevention-based cyber security solutions that either prevent or detect penetrations, prevent malware and data exfiltration, and monitor, record, and analyze malware characteristics.

Another concept for all U.S.-based satellites is the use of all appropriate satellites to act as a sensor while in orbit. The idea is for each satellite to share information on surveilled targets after agreeing to install a government payload or sensor that provides a space-based surveillance and warning network. This concept borrows from cyber security technologies using sensors to monitor network activity across government or commercial entities. The government could offer some type of concession or support to the commercial organization in exchange for carrying the nonintrusive payload.

Although many of the recommendations are already a regular occurrence in military satellite systems, commercial systems do not necessarily require the same level of security or scrutiny. Regardless, recent interference and jamming of satellite-controlled devices under the military’s purview and the malware penetration of ground control stations indicate a need for increased attention to security, whether it is cyber or of a more traditional nature. A call for all satellite ecosystems to undergo assessment and authorization procedures as defined in the Federal Information Security Management Act (FISMA) and as detailed in the DoD Information Assurance Certification and Accreditation Process (DIACAP) may be warranted based on the role satellites play in critical infrastructures. The use of DIACAP and DSTS-G can help drive cyber security framework standardization for satellites (see checklist: An Agenda for Action for Implementing Cyber Security Framework Standardization Methods for Satellites). They can help drive mitigation measures using onboard satellite radio frequency encryption systems.

An Agenda for Action for Implementing Cyber Security Framework Standardization Methods for Satellites

Standardization can introduce methods such as carrier lockup, uniqueness, autonomy, diversity, and out-of-band commanding (check all tasks completed):

_____1. Carrier lockup is a method used to maintain steady and continuous communication between satellite and the ground control stations ensuring no other transmissions can be inserted from unauthorized ground control stations [11].

_____2. Uniqueness provides each satellite with a unique address much like a personal computer’s media access control (MAC) address [11].

_____3. Autonomy is a predefined protocol of self-operation, giving the satellite the capability to operate autonomously for certain periods should there be some type of interference or jamming [11].

_____4. Diversity provides diverse and redundant routes for transmitting data much like the use of multiple Internet connections from different providers in a data center [11].

_____5. Out-of-band commanding provides unique frequencies not shared by any other traffic or ground control stations [11].
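As an added illustration (not from the chapter or from any satellite vendor), the following Python model shows how the five methods in the checklist could combine into a single command-acceptance policy that the ground control station can monitor. The frame layout, frequency, address, station names and interval threshold are constructed assumptions; real links enforce these controls at the RF and protocol layers.

```python
from dataclasses import dataclass

CMD_FREQ_KHZ = 2_050_000   # constructed: dedicated out-of-band command frequency
SAT_ADDRESS = "SAT-0042"   # constructed: this satellite's unique address
AUTONOMY_AFTER = 3         # constructed: silent intervals before self-operation

@dataclass
class Frame:               # hypothetical uplink frame, not a real telecommand format
    station: str
    freq_khz: int
    dest: str
    command: str

class CommandReceiver:
    def __init__(self):
        # Assumption: station identity is read from the frame; a real link
        # would authenticate the station before granting the lock.
        self.locked_station = None
        self.silent_ticks = 0
        self.autonomous = False
        self.log = []      # every decision is kept for ground-side monitoring

    def receive(self, f):
        if f.freq_khz != CMD_FREQ_KHZ:
            verdict = "reject:not-command-band"   # out-of-band commanding
        elif f.dest != SAT_ADDRESS:
            verdict = "reject:wrong-address"      # uniqueness
        elif self.locked_station not in (None, f.station):
            verdict = "reject:carrier-locked"     # carrier lockup
        else:
            self.locked_station = f.station
            self.silent_ticks = 0
            self.autonomous = False               # contact restored
            verdict = "accept"
        self.log.append((f.station, f.command, verdict))
        return verdict

    def tick(self):
        """One interval with no valid uplink (interference or jamming)."""
        self.silent_ticks += 1
        if self.silent_ticks >= AUTONOMY_AFTER:
            # Autonomy: follow the predefined protocol. The lock is kept so
            # that an outage does not hand the uplink to another station.
            self.autonomous = True
        return self.autonomous

def pick_route(routes):
    """Diversity: first healthy path from an ordered list of (name, healthy)."""
    return next((name for name, healthy in routes if healthy), None)
```

The `log` list is the part a ground control station would watch: a run of `reject:carrier-locked` or `reject:not-command-band` entries is the signal worth alerting on.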

When it comes to ground-based network operations centers (NOC) and security operations centers (SOC), traditional cyber security standards and controls apply for both physical and virtual measures. Much the same applies to interference. Interference in the satellite ecosystem comes from several sources such as human error, other satellite interference, terrestrial interference, equipment failure, and intentional interference and jamming [11].

The satellite industry continues to take steps to mitigate and deliver countermeasures to the various types of interference. Use of various types of shielding, filters, and regular training and awareness can help reduce most types of interference. Intentional or purposeful interference (PI) is not remediated through these measures. The satellite industry has created an information technology mirror process and procedure called the Purposeful Interference Response Team or PIRT. Many of the same methods, processes, and procedures used in a computer emergency response team (CERT) program have been adopted for use in the PIRT. Root cause analysis of PIRT incidents is shared back into the process and out to satellite owners to ensure effective security practices and countermeasures are shared across the industry. Communications and transmission security measures are employed using standards such as those defined by the National Institute of Standards and Technology (NIST) and its Federal Information Processing Standard (FIPS) 140-2.

As the satellite industry continues its move toward traditional information technology-type hybrid networks, satellites will be subjected to the same types of IT vulnerabilities that ground-based systems suffer today. The issues associated with this migration are apparent, but so too are the solutions. Cyber security standards, processes, procedures, and methods are available without the need for creating them anew. Regardless, their application is required in the design phase of the satellite ecosystem in order to be fully effective. Onboard IT systems provide greater features and real-time modifications, but they also introduce traditional IT vulnerabilities and exploits if not managed properly.

2 Summary

Contrary to what is portrayed in Hollywood, satellites cannot be immediately retasked, nor can they see and hear everything humans do. Satellites have progressed substantially over the years, providing society with cell phone services, pay-TV solutions, hand-held global positioning systems, GPS for automobiles, motorcycles, and boats, telemedicine, and law enforcement. Satellites play roles in society that are now commonplace. The ubiquitous nature of satellites combined with advances in computing power and capabilities is a double-edged sword for satellite ecosystems. The last several years have seen a parallel increase in satellite deployments and efforts to purposefully interfere with satellites, jam satellite transmissions, and penetrate components of the satellite ecosystem with malicious code. In many cases, radio frequency interference and jamming have been confused with hacking. This may change in time as satellites increase the use of onboard computer capabilities with remote updating needs and patching requirements, much like land-based information technology systems. Foreign intelligence services continue to target U.S. satellite ecosystems in particular, with ground control stations as the path of least resistance for penetration through traditional computer hacking and malware distribution. Once penetrated, the malware can perform various tasks based on its payload. To date, the payload has been intelligence gathering. Future penetrations could result in cyber sabotage or terrorist activities, resulting in the loss of life and disruptions to critical infrastructures.

Building cyber security into satellite ecosystems can remediate risk at inception. The risk-based approach, heavily reported to be the best method of cyber security posture management, could in fact be nothing more than a step in developing a cyber security life cycle, one that could mature appreciably by transparently embedding cyber security into every facet of every process, procedure, method, and component of the satellite ecosystem.

Finally, let’s move on to the real interactive part of this chapter: review questions/exercises, hands-on projects, case projects, and optional team case project. The answers and/or solutions by chapter can be found in the Online Instructor’s Solutions Manual.

Chapter Review Questions/Exercises

True/False

1. True or False? Very Small Aperture Terminals (VSATs) are prevalent in everyday lives.

2. True or False? Recently, there have been writings on the Internet of the potential for hacking NASA satellites to access the Curiosity land rover on Venus.

3. True or False? In October of 2011, Wright Patterson Air Force Base was the subject of a malware attack on the Predator and Reaper drones.

4. True or False? In June of 2012, a group of researchers at the University of Texas at Austin used the spoofing method described by the Iranians to hack the stealth system of a drone.

5. True or False? A few years ago, a $29 program called SkyGrabber made the news. The program allowed interception of packet radio service from a laptop connected to a large satellite.

Multiple Choice

1. Examples of the ________________ could be those that are naturally occurring such as acts of God, earthquakes, hurricanes, tornadoes, and floods.

A. reputation

B. Internet filters

C. ground-based threat

D. encrypted

E. content-control software

2. There are several methods for communicating with satellites. Many commercial satellites use __________, a method that allows for only one car on the road at a time so to speak?

A. opinity

B. Web content filtering

C. scale

D. baseband signals

E. active monitoring

3. What is a satellite signal scrambling system developed by the European Broadcasting Union and a consortium of hardware manufacturers?

A. Basic Interoperable Scrambling System (BISS)

B. Rapleaf

C. Worms

D. Content

E. Security

4. What is a conditional access system for digital television developed by Scientific Atlanta?

A. PowerVu

B. Denial-of-service attack

C. Venyo

D. Port traffic

E. Taps

5. What is a proprietary standard format of digital signal transmission and encryption with MPEG-2 signal video compression used on many communications satellite television and audio signals?

A. Systems security plan

B. DigiCipher 2 (DCII)

C. Denying service

D. Decision making

E. URL lists

Exercise

Problem

A GAO report examined unintentional threats to commercial satellite systems. The report broke the threats into three different areas. What were those areas?

Hands-On Projects

Project

Please explain in explicit detail the Basic Interoperable Scrambling System.

Case Projects

Problem

Please explain PowerVu in explicit detail.

Optional Team Case Project

Problem

Please explain DigiCipher 2 in explicit detail.

References

1. C. David, State of the Satellite Industry, Washington, DC, November 13, 2006.

2. D. Morrill, Hack a satellite while it is in orbit. <http://it.toolbox.com/blogs/managing-infosec/hack-a-satellite-while-it-is-in-orbit-15690>, April 13, 2007.

3. Sri Lankan rebels deny illegal use of US satellite. <http://www.radioaustralia.net.au/international/2007-04-13/sri-lankan-rebels-deny-illegal-use-of-us-satellite/721866>, April 2007.

4. C. Franzen, Report: Chinese military suspected in hacks of U.S. government satellites. <http://idealab.talkingpointsmemo.com/2011/10/report-chinese-military-suspected-in-hacks-of-us-government-satellites.php>, October 27, 2011.

5. N. Owano, RQ-170 drone’s ambush facts spilled by Iranian engineer. <http://phys.org/news/2011-12-rq-drone-ambush-facts-iranian.html>, December 17, 2011.

6. Office, United States General Accounting. Critical Infrastructure Protection Commercial Satellite Security Should Be More Fully Addressed. Washington, United States GAO, 2002.

7. What is meant by gprs connection? <http://answers.yahoo.com/question/index?qid=20060828085726AAKiqNr>, 9 1, 2006.

8. Free Engineering Seminar PPT Slides DOC. <http://www.urslides.com/>, February 10, 2012.

9. DigiCipher 2. <http://mp3umax.org/?p=DigiCipher_2>, January 1, 2012.

10. M.K. Littman, Satellite Network Security. Fort Lauderdale, Nova Southeastern University, USA, 2009.

11. Committee, President’s National Security Telecommunications Advisory. NSTAC Report to the President on Commercial Satellite Communications Mission Assurance. Washington, DC, NSTAC, 2009.
