Satellite Hacking and China’s Role

The U.S.-China Economic and Security Review Commission, a U.S. Congressional Commission charged with monitoring the trade and economic relationship between the United States and the People’s Republic of China (China) and assessing its security implications, issued a draft annual report in late October that concluded that computer hackers, possibly affiliated with China’s military, had interfered with two U.S. government Earth terrain and climate surveillance satellites, Landsat-7 and Terra AM-1, several times in 2007 and 2008. In one 2008 case, according to the draft report, the hackers achieved command and control of the Terra AM-1 spacecraft, although they did not exercise that control.

According to the draft report, the hackers used a commercially operated ground station located in Norway to gain access to the two satellites, and also took measures to obscure their attacks and cover their tracks. The draft report, with the final report to be released in November, does not specify the nature of the hackers’ attacks, but underscores the increasing vulnerability of both military and commercial satellites to hacking attacks and intrusions. The two satellites, which are not “hardened” against both attack and signal interception as are the most sensitive of Department of Defense and National Security Agency satellites, are nevertheless sources of strategically valuable reconnaissance data in their own right, and can obviously serve as practice for attacks on more secure satellites. In the case of Landsat-7 and Terra AM-1, the Spitsbergen, Norway Earth station uses Internet Protocol (IP) for data transfers, and is more vulnerable at that network node than closed network data file transfer systems would be. The draft report warns that hacking attacks pose the risk of destabilizing or degrading orbits, damaging or destroying satellites and blocking, manipulating, forging or otherwise interfering with uplink and downlink transmissions. Although the draft report does not accuse the Chinese government or military of orchestrating the attacks, it asserts that the attacks are consistent with known Chinese doctrines for disabling other countries’ space systems.

Reports of hacking attacks against U.S computer networks by China-based hackers have circulated for years, but have been resistant to concrete proof. While the Pentagon and Congress have identified sources of hacking attacks other than China, they are on record as believing that China is the source of much of it, and that the attacks are part of a larger pattern of digital government and industrial espionage against security-related information and intellectual property. The Commission and Pentagon further believe that China has particularly targeted the U.S. defense establishment for intrusion. China has denied the reports and asserted that the allegations are intended by the U.S. Government to vilify China unjustly. The Commission’s 2009 report acknowledged that there was no proof that hackers were affiliated with the Chinese government, but asserted that much of the hacking activity against government and industrial digital networks bore Chinese “handwriting,” among other things, originating from Chinese IP addresses.

The implications of the 2009 and 2011 reports cannot be underestimated. The efforts that both government and commercial operators may have to make, and require satellite manufacturers to participate in, to secure satellites against hacking and their transmissions, including the content borne by those transmissions, against interception, is a moving and always receding target. Customers will demand the best protection obtainable, and those costs will be, in whole or in part, passed on to customers or imperil margins. To the extent the U.S. government is relying on commercial satellites for a range of services, the pressure to protect against hacking will be even greater.

Perhaps as important, it is critical to substantiate the allegations being made. Knowing something and proving it is not the same thing, and if the United States can prove that the source of hacking is China or China-affiliated persons or organizations, it will be better positioned to exert pressure unilaterally, multilaterally and through non-governmental organizations to pressure China to desist. As China becomes a space-faring power itself and a potential target of the same kind of attack, it will of course have reason to think more about the consequences of doing so, just as its increasing production of intellectual property will alter its acceptance of intellectual property piracy. Until that happens, and perhaps even after it does, satellite hacking remains a credible and serious threat.

Owen D. Kurtin is a practicing attorney in New York City and a founder and principal of private investment firm The Vinland Group LLC. He may be reached at [email protected].