Hacked Satellites?: USCC Makes Claims It Can’t Support

December 1, 2011 | 1:56 pm
Laura Grego
Research Director, Senior Scientist

The US-China Security and Economic Commission (USCC) presented its annual report to Congress this month. The draft report was reported on by Bloomberg, in particular, the claim that the Chinese military may have hacked two US satellites, the Landsat-7 and Terra spacecraft, a total of four times in 2007-2008.

My first thought was: hacking Landsat? Really? Why would China try to hack a low-resolution earth-monitoring satellite, much of whose data are distributed free and freely, and for which system China even has operated a ground station to assist in collecting data?

What’s the evidence for that? The short answer is: very little.

The long answer is that it’s a pretty sensational claim, and worth taking a closer look at the details.

What are Landsat-7 and Terra?

Landsat-7 and Terra, both launched in 1999, are both remote sensing satellites that are part of NASA’s Earth Observing System (EOS), which provides earth observations to support research on climate and environmental change.

The Landsat program has been providing a continuous record of the Earth’s surface for almost 40 years, starting with the launch of Landsat 1 in 1972. The observation planning emphasizes seasonal changes in vegetation and repeated observations under cloudless conditions. As environmental changes occur on the earth’s oceans, land, and atmosphere, new data can be compared with the historical record.

Terra, a US-Canada-Japan partnership, is a flagship satellite of the EOS system. Terra’s five instruments can, for example, measure changes in vegetation cover and the occurrence of algae blooms in bodies of water, trace forest fires and lava flows, and provide information on the change in ice and snow cover and atmospheric pollution. Data from Terra are widely available; they are even broadcast in real time for reception by anyone who cares to listen.

Landsat-7 broadcasts data to a number of international ground stations that assist in data collection. Landsat data are a widely used public resource. Over one million Landsat observations have been downloaded from the US Geological Survey Earth Resource Observation and Science (EROS) Center since October 2008, when all Landsat-7 data began to be offered free to the public. (A few months later, all Landsat archival data were made freely available.)

It is not clear that the incidents were actually hacking. The computer systems involved were not US government computers but those of a commercial satellite operating service.

In an email response to an inquiry, NASA Public Affairs Officer Trent Perrotto confirmed two “suspicious events” affected its Terra AM-1 satellite. Perrotto did not specifically attribute them to hacking (rather than, say, a software glitch or operator error?). He also wrote that no commands were sent to the satellite, nor were any data taken or manipulated, nor was any damage done. (Perrotto declined to discuss the Landsat incidents since Landsat is operated by the US Geological Survey.)

The Bloomberg news article based on the draft report states that

 Landsat-7 and Terra AM-1 satellites utilize the commercially operated Svalbard Satellite Station in Spitsbergen, Norway that “routinely relies on the Internet for data access and file transfers,” says the commission, quoting a NASA report.

According to the Landsat website, command and control for Landsat-7 is provided by a station at the US Geological Survey center in Sioux Falls, South Dakota and Svalbard Satellite Station is used as a backup station. The Svalbard Satellite Station is operated by a Norwegian commercial service, Kongsberg Satellite Services. It is unclear from public information whether Svalbard is a primary tracking and control station for Terra; it is listed as an occasionally used downlink station.

Kongsberg Satellite Services company brochure says it provides telemetry, tracking, and command services as well as data acquisition and handling, for more than 60 satellites. Its customers include government space agencies such as NASA, European Space Agency, Japan Aerospace Exploration Agency (JAXA), and as well as commercial companies such as Arianespace, DigitalGlobe, and GeoEye.

The USCC report does not mention whether any other satellites handled by Svalbard experienced suspicious incidents. This would seem to be a key clue to the nature of the interference.

In fact, the final USCC report makes no mention of the Svalbard Station at all. That seems like a significant omission since one could surmise that hacking into a commercial station may be easier to do than hacking into a government owned and operated station, particularly a military ground station serving national security assets.

Landsat-7 and Terra are not strategically important or national security-related satellites. It is unclear what advantage an unauthorized user could obtain. This situation is not generalizable to national security satellites.

Landsat-7 and Terra do not carry high-resolution imaging equipment and are not strategic assets. They are not used for national security purposes and the data are already very widely available to the international community. Landsat’s best spatial resolution is 15 m (50 feet), suitable for resource management. The Terra satellite is not primarily an imaging satellite, but its best spatial resolution is about the same as Landsat-7. To compare, GeoEye commercial imagery satellites sell earth images with 0.5 m resolution, and the resolution of US spy satellites are quite a bit better than that. Taking control of the Landsat-7 or Terra satellites to change what they look at or to stop them from working would not serve a strategic purpose.

Let’s take a look at what the SCC report suggests China could do by controlling these satellites:

If executed successfully, such interference has the potential to pose numerous threats, particularly if achieved against satellites with more sensitive functions. For example, access to a satellite’s controls could allow an attacker to damage or destroy the satellite.The attacker could also deny or degrade as well as forge or otherwise manipulate the satellite’s transmission. A high level of access could reveal the satellite’s capabilities or information, such as imagery, gained through its sensors. Opportunities may also exist to reconnoiter or compromise other terrestrial or spacebased networks used by the satellite.

Even if the “suspicious incidents” were indeed a hacker gaining control of the computer operating Terra and Landsat, this technique is unlikely to be generalizable and does not suggest the same could be done with high value or national security satellites. Presumably high value satellites would not be operated by a commercial company outside the direct control of the US government, nor would they be connected to the internet.

The USCC report references “a briefing the US Air Force provided to the Commission on May 12, 2011” as the primary source of information. In addition, unnamed sources from NASA and the US Geological Survey confirmed that anomalous events took place. Both sources appear only to confirm that suspicious incidents happened, not that they were the result of hacking or were associated with China.

The USCC report confirms this specifically:

These events are described here [in a report on China] not on the basis of specific attribution information but rather because the techniques appear consistent with authoritative Chinese military writings.

(The “authoritative writings” are discussed below.)

Neither NASA nor DOD claim that China was behind this. Discussing the Terra incident, NASA’s spokesperson Perrotta simply said:

NASA notified the Department of Defense, which is responsible for investigating any attempted interference with satellite operations.

A Reuters article digs a little deeper and specifically asks General Robert Kehler, head of US Strategic Command, whether the incidents were attributable:

Kehler spoke to reporters during a conference hosted by his command on cyber and space issues. He was asked by Reuters whether he could assign blame for the possible efforts to take control of the Landsat-7 and Terra AM-1 satellites, as reported by the commission.

“First of all, I am familiar with the two incidents,” he replied. “The best information that I have is that we cannot attribute those two occurrences.”

“I guess I would agree that we don’t have sufficient detail,” Kehler added.

What are the Chinese writings the USCC cited and how authoritative are they?

The sole source given by the USCC for the assertion that China is interested in gaining control of US satellites is a book by Chang Xianqi, Military Astronautics. UCS’s Gregory Kulacki discussed General Chang’s writings in his report Anti-Satellite (ASAT) Technology in Chinese Open-Source Publications:

While Chang’s military rank may make him sound credible, he is an academic administrator who spent most of his career at one institution, the Academy of Equipment Command & Technology… Although he eventually rose to become President of the Academy, and holds what would appear to American observers as a high military rank, Chang’s vita defines him as a marginal figure in the Chinese military. The rank of Major General in the PLA does not confer the same breadth of experience and accomplishment as it does in the U.S. Army. The Academy of Equipment Command and Technology is essentially a vocational college that trains the managers and technicians who work in China’s satellite launch facilities and weapons proving grounds. The primary focus is on teaching, not research, and students select from a small number of specializations such as computer networking, image processing, signals processing and satellite tracking. The fact that Chang’s career was confined to this one midlevel educational institution, and that he remained there as a professor even after his presidency, is a strong indication that Chang does not play a significant role in the formation of Chinese military doctrine or the implementation of Chinese military policy. He also does not hold a significant position in the Chinese Communist Party, having not been elected, even as an alternate, to the Central Committee.

To sum up:

These suspicious incidents may or may not have been caused by hacking. They appear to have involved computers operated by a commercial service provider—not by the US government. No commands were issued to the satellites, nor were any data manipulated or stolen. The satellites involved were nonstrategic, low-resolution environmental monitoring satellites. There is no evidence presented linking these events to the Chinese government; the USCC includes these incidents in their report to Congress on China on the basis of claims by a “marginal figure” in China that China is interested in such pursuits.

This doesn’t mean China is not capable of or interested in the ability to control U.S. satellites. But the evidence presented to Congress by the USCC makes an extremely poor case for it.