Cybersecurity in space

Featured image: The International Space Station, 2011. Credit: gsfc/Flickr, CC BY 2.0

On May 19, 1998, the Galaxy IV satellite shut down unexpectedly in its geostationary orbit. Immediately, most of the pagers in the US stopped working even as the Reuters, CBS and NPR news channels struggled to stay online. The satellite was declared dead a day later but it was many days before the disrupted services could be restored. The problem was found to be an electrical short-circuit onboard.

Such are the effects of a single satellite going offline. What if they could be shut down en masse? The much-discussed consequences would be terrible, which is why satellite manufacturers and operators are constantly devising new safeguards against potential threats.

However, the pace of technological advancement, together with the proliferation of the autonomous channels through which satellites operate, has ensured that operators are constantly playing catch-up. There’s no broader vision guiding how affected parties could respond to rapidly evolving threats, especially in a way that consistently protects the interests of stakeholders across borders.

With the advent of low-cost launch options, including from agencies like ISRO, since the 1990s, the use of satellites to prop up critical national infrastructure – including becoming part of the infrastructure themselves – stopped being the exclusive demesne of developed nations. But at the same time, the drop in costs signalled that the future of satellite operations might rest with commercial operators, leaving them to deal with technological capabilities that until then were being handled solely by the defence industry and its attendant legislative controls.

Today, satellites are used for four broad purposes: Earth-observation, meteorology and weather-forecasting; navigation and synchronisation; scientific research and education; and telecommunication. They’ve all contributed to a burgeoning of opportunities on the ground. But in terms of their own security, they’ve become a bloated balloon waiting for the slightest prick to deflate.

How did this happen?

Earlier in September, three Chinese engineers were able to hack into two Tesla electric cars from 19 km away. They were able to move the seats and mirrors and, worse, control the brakes. Fortunately, it was a controlled hack conducted with Tesla’s cooperation, after which the engineers reported the vulnerabilities they’d found to Tesla.

The white-hat attack demonstrated a paradigm: that physical access to an internet-enabled object was no longer necessary to mess with it. Its corollary was that physical separation between an attacker and the target no longer guaranteed safety. In this sense, satellites occupy the pinnacle of our thinking about the inadequacy of physical separation; we tend to leave them out of discussions on safety because satellites are so far away.

It’s in recognition of this paradigm that we need to formulate a multilateral response that ensures minimal service disruption and the protection of stakeholder interests at all times in the event of an attack, according to a new report published by Chatham House. It suggests:

Development of a flexible, multilateral space and cybersecurity regime is urgently required. International cooperation will be crucial, but highly regulated action led by government or similar institutions is likely to be too slow to enable an effective response to space-based cyberthreats. Instead, a lightly regulated approach developing industry-led standards, particularly on collaboration, risk assessment, knowledge exchange and innovation, will better promote agility and effective threat responses.

Then again, how much cybersecurity do satellites need really?

Because when we speak about cyber anything, our thoughts hardly venture out to include our space-borne assets. When we speak about cyber-warfare, we imagine some hackers at their laptops targeting servers in some other part of the world – but a part of the world, surely, and not a place floating above it. However, given how satellites are becoming space-borne proxies for state authority, they do need to be treated as significant space-borne liabilities as well. There’s even precedent: in November 2014, a NOAA satellite was hacked by Chinese actors with minor consequences. But in the process, the attack revealed major vulnerabilities that the NOAA rushed to patch.

So the better question would be: What kinds of protection do satellites need against cyber-threats? To begin with, hackers have been able to jam communications and replace legitimate signals with false ones (called spoofing). They’ve also been able to invade satellites’ SCADA systems, introduce viruses to trip up software and mount DoS attacks. The introduction of micro- and nanosatellites has also provided hackers with an easier conduit into larger networks.

Another kind of protection that could be useful is from the unavoidable tardiness with which governments and international coalitions react to cyber-warfare, often due to over-regulation. The report states, “Too centralised an approach would give the illicit actors, who are generally unencumbered by process or legislative frameworks, an unassailable advantage simply because their response and decision-making time is more flexible and faster than that of their legitimate opponents.”

Do read the full report for an interesting discussion of the role cybersecurity plays in the satellite services sector. It’s worth your time.

AT&T, the weakest link

In the throng of American companies and their confused compliance with the National Security Agency’s controversial decade-long snooping on internal and international communications, The New York Times and ProPublica have unravelled one that actually bent over backwards to please the NSA: AT&T. The basis of their allegations is a tranche of NSA documents detailing the features and scope of AT&T’s compliance with the agency’s ‘requests’, dating from 2003 to 2013.

The standout feature of the partnership is that, according to a note from AT&T, it wasn’t contractual, implying the ISP hadn’t been coerced into snooping and sharing data on the traffic that passed through its domestic servers. As ProPublica writes, “its engineers were the first to try out new surveillance technologies invented by the eavesdropping agency”. One of the documents even goes as far as to “highlight the Partner’s extreme willingness to help with NSA’s SIGINT and Cyber missions”.

The documents were part of those released by whistleblower Edward Snowden in 2013. According to the reporters, the three entities implicated in them – NSA, AT&T and Verizon – refused to discuss the findings, in keeping with what has become a tradition of various ISPs refusing to reveal the terms of their ‘collaborations’ and the NSA refusing to reveal the ISPs it did work with. Since Snowden released the documents in 2013, public ire against the government’s intrusive snooping programmes has increased, even as President Barack Obama as well as the judiciary have been in agreement that revealing any more details than Snowden already had would threaten national security.

As a result, the news that AT&T didn’t bother challenging the NSA throws valuable light on how the agency was able to eavesdrop on foreign governments and international organisations.

The ISPs aren’t named but are referred to by code names; their real identities were given away when the dates of some of their surveillance ops coincided, sometimes too perfectly, with dates on which some fibre optic cables were ‘repaired’. For example, a document dated August 5, 2011, talks about Fairview’s data-logging resuming over a cable damaged by the earthquake near Japan in the same year – while, ProPublica states, a “Fairview fiber-optic cable … was repaired on the same date as a Japanese-American cable operated by AT&T”. So, the Fairview programme was found to be NSA + AT&T and the Stormbrew programme, NSA + Verizon/MCI.

However, AT&T got more attention than Stormbrew. In 2011, the NSA spent $188.9 million on AT&T and less than half that on Verizon, possibly because the former also practiced peering, a technique in networking where one company relays data through the network on behalf of other companies. As a result, users’ data from other ISPs and TSPs also ended up going through the wired AT&T servers.

AT&T’s complicity dates back to the mid-1980s, when antitrust regulators broke up the monopolistic Ma Bell telephone company, a fragment of which was AT&T. Its formation roughly coincided with NSA’s launching the Fairview program into which the TSP got subsumed. Following the 9/11 attacks, both Fairview and Stormbrew assumed centre-stage in the agency’s anti-terrorism programmes, with Fairview being especially effective. As the Times writes, “AT&T began turning over emails and phone calls ‘within days’ after the warrantless surveillance began in October 2001”.

All the documents disclosed by the publications in the latest release are available here.

The Wire
August 16, 2015