November 08, 2011

China-US satellite warning a hot-button issue

By Craig Guthrie

HUA HIN, Thailand - It's a nightmare scenario for proponents of China's "counter-space" threat. A group of military-grade Chinese hackers access United States Earth observation satellites through a ground station in the Arctic. With a full array of commands at their disposal, the hackers manipulate and glean valuable environmental data. When conflict erupts, the satellites are programmed to self-destruct, or take down more valuable targets.

The US-China Economic and Security Review Commission (USCC), a congressional body, hints in its latest report that the People's Liberation Army has already opened the door to such a strike, finding that US environment-monitoring satellites were interfered with four or more times in 2007 and 2008 and that "thetechniques appear consistent with authoritative Chinese military writings".

The forthcoming annual report for the independent congressional advisory panel states in the chapter "China's Activities Directly Affecting US Security Interests" that in October 2007 and July 2008 the earth observation satellite Landsat-7 "experienced 12 or more minutes of interference". Landsat-7 is jointly managed by the National Aeronautics and Space Administration (NASA) and the US Geological Survey.

More worrying are the commission's findings that the defenses of the Terra EOS (earth observation system), a NASA satellite, were breached for two and then 10 minutes in June and October 2008. "The responsible party achieved all steps required to command the satellite, but did not issue commands".

"For countries that can never win a war with the United States by using the method of tanks and planes, attacking the US space system may be an irresistible and most tempting choice," the reports cites a China expert, who it didn't identify, as saying.

NASA has since acknowledged "suspicious events" with Terra, while the US Geological Survey has confirmed that its Landsat-7 mapping satellite experienced two ''anomalous'' radio frequency events.

However, US experts have raised doubts over the report's findings and suggested the USCC has ventured beyond its remit of monitoring US-Chinese relations. Meanwhile, Beijing's spokesman has rejected the claims as "fabricated" and based on the commission harboring "ulterior motives".

The USCC states in its report that China's military-related space activities can be divided into "reconnaissance-strike complexes" and "counter-space weapons", with the latter enabling attacks on adversary space systems from the ground through, "deception that involves the interception or forgery of transmissions".
Such interference poses numerous potential threats, particularly if achieved against satellites with more sensitive functions. For example, access to a satellite's controls could allow an attacker to damage or destroy the satellite. The attacker could also deny or degrade as well as forge or otherwise manipulate the satellite's transmission. A high level of access could reveal the satellite's capabilities or information, such as imagery, gained through its sensors. Opportunities may also exist to reconnoiter or compromise other terrestrial or space-based networks used by the satellite ...

[T]he techniques appear consistent with authoritative Chinese military writings. For example, according to Military Astronautics, [1] attacks on space systems "generate tremors in the structure of space power of the enemy, cause it to suffer from chain effects, and finally lose, or partly lose, its combat effectiveness." One tactic is "implanting computer virus and logic bombs into the enemy's space information network so as to paralyze the enemy's space information system.

This could critically disrupt the US military's ability to deploy and operate during a military contingency.
The commission then goes on to identify a likely weak link that would allow PLA hackers access, noting that SvalSat, a satellite ground facility used by the observation satellites located in the Arctic archipelago of Svalbard, has a high-bandwidth connection to the Norwegian telecommunications grid.

While the USCC states that the use of such infrastructure presents "potential opportunities for malicious actors to gain access to restricted networks", Konsberg Satellite Services (KSAT) president Rolf Skatteboe insists the report's assertions are completely off the mark.

"KSAT has not experienced any attempt to enter into the company's systems from outside sources,'' Skatteboe wrote in a media statement. ''We do not have any indication that hacking of satellites using KSAT Svalbard station has taken place. A careful screening of our security systems has not indicated any attempts to access SvalSat from unauthorized sources.

''The Internet is occasionally used for distribution of x-band payload data received from the satellite to the end user. Hence, this communication channel is not an access point for hacking if it were to happened."

Regardless of access through the Norwegian ground station, US experts say the interference proves Washington needs to firm up its cyber-security on space assets.

''These reports are troubling, though not too surprising, given that they rely on commercial Internet-connected satellite ground stations,'' Bruce MacDonald, senior adviser at the United States Institute of Peace (USIP) and the Director of the Space Working Group, told Asia Times Online.

"Not only the government, but the commercial sector needs to a much closer look at cyber and other vulnerabilities of such stations, and take steps to substantially upgrade their security." MacDonald was quoted in the USCC in its report.

Underscoring the commercial value of such data is Terra's involvement in geological surveying for rare earths. While China controls about 60% of the global supply of the increasingly important commodity through a state firm located in the Inner Mongolia Autonomous region, neighboring independent Mongolia has uncovered significant deposits with the help of Terra.

A Taiwanese study on south Mongolia's Gobi desert in 2007 found that Terra's ASTER (Advanced Spaceborne Thermal Emission Reflection Radiometer) sensor imaging to be an "important source of information about absorption in transition metals, especially iron and some rare-earth elements." It also recommended comparing ASTER mineral mapping with Landsat-7 data. [2]

While the Norwegian ground station refutes the USCC report's allegations and Macdonald states it has revealed US vulnerability, other US experts doubt the group's motives.

"The US-China Commission has made some speculative leaps and outright translation and reporting errors in the past", Joan Johnson-Freese, chair of the National Security Decision Making Department at the US Naval War College, told Asia Times Online. She cites a case where her and a colleague informed congress of "significant" errors in testimony in the May 2008 USCC hearing "China's Proliferation Practices and the Development of its Cyber and Space Warfare Capabilities". [3]

"Cyberspace is an area of significant concern, and the US needs to be vigilant, but I would have to see more information before putting too much faith in this specific report or example," said Johnson Freese.

George Smith, a senior fellow at US-based security research group,say the report's allegations are "more of the same."

"It's an old event so news of it was released for a reason, to keep the argument for more cybersecurity/cyberdefense/cyberwar funding hot. In that respect it's just part of a continuum of things that have rolled out into the public light over the last decade ... Satellites are fairly well-protected assets anyway, so the real nature of the incidents may have been functionally trivial but still worth addressing. And now that information has become useful," Smith told Asia Times Online.

The USCC's draft report also notes that other cyber attacks with possible Chinese involvement seen in the past year include the "Night Dragon" intrusion on energy and petrochemical companies and an alleged attempt to infiltrate Gmail accounts of US government officials, journalists and Chinese political activists.

An Australian academic, however, recently dismissed China's cyber-warfare capabilities as "fairly rudimentary".

Desmond Ball, a professor in the Strategic and Defense Studies Center in Australia's National University, says in the Winter 2011 report "China's Cyber Warfare Capabilities", that China's high-profile hacks recently, as well as website defacements and denial-of-service attacks, were unsophisticated compared to other nations' capabilities.
More sophisticated Trojan Horse programs were used in 2002 to penetrate and steal information from the Dalai Lama's computer network. More recently, Trojan Horse programs camouflaged as Microsoft Word and PowerPoint documents have been inserted in computers in government offices in many countries around the world. Portable, large-capacity hard discs, often used by government agencies, have been found to carry Trojan Horses that automatically upload to Beijing Web-sites everything that the computer user saves on the hard disc.

From the late 1990s until 2005, the PLA conducted more than 100 military exercises involving some aspect of IW [information warfare], although the practice generally exposed substantial short-falls.
Ball says that China would be unable to systematically cripple selected command and control, air defense and intelligence networks and databases of advanced adversaries, or to conduct deception operations by secretly manipulating the data in these networks. His conclusion: "China is condemned to inferiority in IW capabilities for probably several decades."

1. Military Astronautics by Chang Xianqi, Li Yunzhi, Luo Xiaoming, Xu Wei,Geng Yandong, Chen Haoguang, Lin Dong National Defense Industry Publishing House; 2nd Edition, 2005.
2. Mapping surface materials of the Gobi desert area using ASTER images, Southern Mongolia. Master's Thesis, June 24, 2011.
3. See Significant Errors in Testimony on China's Space Program, Union of Concerned Scientists, May 20, 2008.

Craig Guthrie is a correspondent for Asia Times Online based in Thailand.

No comments: