Schneier on Security
A blog covering security and security technology.
« Speech-Activated Password Resets |
| Fixing Unicode »
March 12, 2005
Satellite Tracking Data Made Secret
Here's another example of harmful government secrecy, ostensibly implemented as security against terrorism.
How an adversary might damage a spacecraft more than 100 miles up and moving at five miles per second -- eight times faster than a rifle bullet -- was not specified.
Good question, though.
But unclassified military or civilian communications satellites could, in theory, be jammed. And an adversary could use the unclassified data to know when a commercial imaging satellite, possibly operating under contract to the Department of Defense, would be flying overhead.
It might even be possible, through the process of elimination, for knowledgeable amateurs to ferret out the orbit of a classified spacecraft by comparing actual observations with the list of known, unclassified satellites.
Clearly I need to write a longer essay on "movie-plot" threats, and the wisdom of spending money and effort defending against them.
Posted on March 12, 2005 at 10:31 AM
• 18 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Well, 9/11 was not even considered realistic by fiction writer Tom Clancy:
Though, as you have often emphasized, Bruce, the cost of any security program -- both in terms of money and loss of civil liberties -- is to be weighed against its actual effectiveness.
You do need to take unusual attacks into account, but it's also mandatory to avoid issueing a blank check to take any civil liberty "for national security reasons".
Actually, you can imagine that launching a cloud of gravel in front of a satellite might be quite easy.
joe's right; but he assumes that the launcher of gravel is quite indifferent to any subsequent use of that orbit, which is going to be out of commission for some considerable length of time. Al Qaeda might not care; but it's unlikely in the extreme that they'd have the capability. North Korea? Just barely within the realm of possibility; and you'd think they'd have better things to do with their few launch vehicles than shoot down satellites.
Why waste good gravel? Sand will give better coverage than gravel. Compare buckshot to birdshot. The attackers are not likely to care about eventual consequences, as they won't be launching their own assets into orbit. They'll be trying to bring on their version of armageddon.
The irony !
Movie-plot scenarios are the bases for this site. Quit the movie-plot threats, an you lose your blog's public.
Keep on trucking
Ok, if I read this correctly, while the DoD wanted to restrict access to the OIG database to keep (the absence of) military satellite data secret, "NASA's computer system at the Goddard Space Flight Center in Greenbelt, Md., suffered a crippling failure in early February and while it is still in operation, its capabilities are limited."
Something tells me that the DoD people arguing for security were more intrested in "Confidentiality" than data "Integrity" or even system "Availability". This is a classic mistake when funding and fighting for change in information security -- to use "CIA" as a literal marching order. Experience in information security usually leads one to discover that "AIC" is a more effective approach since you effectively end up with Confidentiality if the system is off-line or the data is considered completely unreliable.
I worked on a few information security gigs at NASA and for some rocket science and astrophysics projects, and I must say I tend to agree with the conclusion of the scientist quoted in the article:
"So sometimes you go through these big hurdles trying to make things secret that are, in an open society, things you just can't. All you end up doing is gumming up the works for everybody living ordinary lives, which makes the terrorists win."
Of course most scientists are far too trusting, but that's another story. The new policy for access to the satellite tracking system appears to me to be too broad/vague and unlikely to achieve any greater data confidentiality: Users must agree not to "transfer any data, including, but not limited to, the analysis of tracking data, or other information received through this website or any services described herein to any third party without the prior express approval of the Secretary of Defense or his delegatee."
Ugh. Welcome to the 1950s. I wonder what approval looks like; a visit to the DoD so you can have your prints inked? Promise to give up your first-born?
Satellite locations (except those broadcasting to the public) should be secret, not because they might be attacked physically but because they might be hacked. (Or jammed, as you mention.)
Some years ago "Mother Jones" magazine published the frequencies and locations of satellites that would be used in giving nuclear release orders. I was appalled at not hearing they'd been thrown in jail, then or later. It's about darn time somebody paid attention to this kind of vulnerability.
Perhaps you could clarify how satellite position information poses a risk to US national security? Perhaps you missed the part of the article that explains why the information is shared:
"Commercial satellite operators use the data to monitor civilian spacecraft, to predict - and avoid - collisions or close encounters, to determine when maneuvers might be required and to monitor space debris.
Researchers and educators use the information to train future satellite operators, to develop more efficient tracking techniques and to monitor space debris, which poses a threat to all satellites. Radio enthusiasts need it to determine when amateur satellites will be above their horizons.
And in the internet age, even casual hobbyists using widely available Macintosh and PC tracking software can find out when a given satellite will be visible from their location."
And maybe you also missed the point that "NASA managers have never seen the OIG data as a security risk and even the Air Force, in a 1999 review, 'assessed the NASA web site data and found no threat to national security,' the GAO observed."
But aside from all that, you probably also missed the point that "a small group of sophisticated amateurs do, in fact, track presumably 'classified' spy satellites, they do it the old fashioned way: by monitoring military launches, looking for new satellites in the night sky and computing their orbits."
How exactly do you propose to avoid that? Prevent people from looking up? Ban the use of mathematics?
Hmmm, any links, dates, names or references to support to your point about Mother Jones? I'm sorry but it seems that you are saying that freedom of the press should not apply to a magazine that publishes freely available information, and its reporters should be jailed?
I think the point is not just to worry about jamming, hacking, or attacking a sat that has been launched. Those are all expensive and technologically difficult. Think of it this way. The head of a terrorist cell uses the information to find out sats that are supected of being spy sats. He can move troops and equipment when he is sure that the sat is not overhead an there for would be unable to get a picture. Sure some people can track every launch and predict orbits but that is much harder. Car alarms are used to deter theft they can't completly theft proof. Sometimes making things difficult is enough.
Come on! Terrorists moving troops??
You think a bunch of terrorists are organized like a regiment of Soviet Armor?
As already proven by Clinton's mis-attack on Bin Laden, you're trying to hit a target the size of a goat with a system that is basically able to "just" hit a target the size of an aircraft carrier.
No matter how powerful the technology, finding terrorists by satellite is, bluntly, futile.
Either you have such high definition images, you view sq. feet of ground -making the millions upon millions of sq. feet needed to be searched and reviewed simply impossible to accomplish- OR it is of such low definition you can't tell the difference between a cow or a truck -but can reasonable search a large swaths of area at a time.
Either way, looking for individuals or small groups is futile with sat's.
Terrorists don't need a window in sattelite surveilance to move their troops, they just need a greyhound bus. Their equipment does conveniently in the overhead storage bin.
"The irony !
"Movie-plot scenarios are the bases for this site. Quit the movie-plot threats, an you lose your blog's public."
I sure hope that's not true. In all my writings, I try to realistically look at some of the more nonsensical threats that we're told to worry about.
Re 9/11 and Tom Clancy - remember the X-Files spinogg "The Lone Gunmen" ?? One of that shows first plots had to do with flying an aircraft into buildings in NYC, albeit done via a remote control hack.
The best part of the whole article:
"But a determined adversary could "subvert this very easily and not only that, even if you made it secure, what the hobbyists have shown is ... in a couple of years you (could) have a set of bad guys who are much better equipped than they previously were for relatively little expense on their part.""
I would be interested in learning *why* people think jamming a satellite is a movie plot threat.
AAzure, you're making a classic logical error through false dichotomy. In between low- and high-definition is a pretty wide range of resolution, and zooming in gradually on subjects of interest until suspicion is either confirmed or denied is standard practice. Satellites are not the only way of confirming something's identity, but you seem to want to throw them away when they are a valid tool, albeit one that should be used in conjunction with other tools.
Jamming a satellite is a movie plot threat because the uplinks use highly directional signals from quite powerful transmitters. To jam it, you would need a powerful jammer (hence easy to find) close to the uplink (hence really easy to find, and easy to interdict). The downlink is much lower in power, but is also difficult to jam because it is fairly-to-very directional (depending on function), and up in the sky; to jam it, you would need to put your jammer in an aircraft. For typical broadcast sat geometries (e.g. ground dishes have HPBW of 3°), the radius you could jam would be around 1/10 your altitude--one neighbourhood, unless you're in SpaceshipOne.
On the other hand, *blinding* an imaging satellite by aiming an industrial cutting laser at it is a vaguely plausible threat; still a pretty big ask, but probably within the grasp of the more sophisticated terrorists or organized crime outfits. Rumour has it that the attack has actually been attempted by hostile small nations against military photo-reconnaissance satellites, which operate at quite low altitudes (perigee typically 270 km for KH-12, for example). Civilian imaging satellites are probably much less well protected against this attack, and satellites like LANDSAT also have a perigee of only a few hundred km (700 km for LANDSAT-7). To complete the attack would require a moderately large tracking telescope (a 400 mm reflector should get about 1% of the beam power into the lens), a cutting laser, a few much cheaper bits and pieces, clear weather--and the satellite ephemerides. Telescopes with such a large reflector are quite expensive (around USD $40,000), but anyone with the dosh can buy one.
Of course, if you have all this gear and skill, you could probably calculate the ephemerides yourself.
It's basically impossible to tell small group of humans from small group of cattle even on the highest-res sat images. And the limiting thing here is the light diffraction in the satellite lens. Approximate calculation gives a resolution of about 1m for the satellite flying 300km above, and it even doesn't take the athmosphere into account.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.