15 July 2019

Crashed UAE Military Spy Satellite Raises Possibility Of Enemy Cyberattack

Zak Doffman

An investigation has been launched by the European Space Agency (ESA) and French aerospace group Arianespace into the failed launch of a rocket carrying a military spy satellite into space for the United Arab Emirates. Two minutes after take-off, a "major anomaly" sent the expensive, high-tech payload into the Atlantic—the first failure for Arianespace's Vega rockets after 14 successful missions.

The two French-built Falcon Eye satellites, of which this was the first, were designed "to provide a wholly new capability to [the UAE's] military," according to defense analysts, "representing the most advanced optics France had ever sold to another country." So much so that the program suffered significant delays as security regulations over certain component parts were worked through between France and the U.S.

Tensions remain high in the Middle East between the U.S. and regional allies on one side, and Iran on the other. The UAE is seen by Teheran as part of that enemy axis led by the U.S. and set against Iranian interests. One of the core military objectives of the Falcon Eye satellites is to monitor UAE's borders—especially its long maritime shoreline. And when it comes to the integrity of that maritime border, given those ongoing tensions, that means monitoring the activities of Iran in the Persian Gulf.

As such, in failing to launch the first Falcon Eye satellite, the UAE has lost a major surveillance advantage. The satellites, which include Thales optics capable of earth resolution down to 70 centimeters, fall under the operational remit of Abu Dhabi’s Space Reconnaissance Centre (SRC), and local media heralded the potential to provide the military with "state-of-the-art capabilities in Surveillance, Intelligence, Target Acquisition and Reconnaissance."

The prime contractor for the UAE satellite program is Airbus, and the defense giant's Head of Space Systems heralded Falcon Eye's "high-performance Earth-observation satellite system as providing an unrivaled observation capability to the Emirate’s Armed Forces." The two new satellites were designed for dual-use, meaning both military and civilian applications

Regional tensions and the continued development of Iran's offensive cyber capabilities raise the possibility of an enemy action being responsible for the unexpected launch failure. Earlier this year, reports emerged from the Middle East that Iran had failed to launch its own satellites on at least two occasions—and although the authorities in Teheran claimed those space assets were non-military, no-one was fooled.

Less than two weeks after the second failed launch, reports appeared in the New York Times (and elsewhere) of "a secret American program to sabotage Iran’s missiles and rockets."

Iran's space record is poor by any measure—almost 70% of their launches have failed, compared to the 5% industry average. Washington takes the understandable view that an Iranian space program is just a ballistic missile proving program by another name. "We have not asked and will not ask for permission to develop different types of missiles and will continue our path and our military power," President Hassan Rouhani said after reports emerged of the secret U.S. program.

The U.S. sabotage program had reportedly been years in the making and succeeded by compromising the supply chain which was equipping Iran's space program. Old school, so to speak. And while supply chain risk has not diminished, nowadays the higher-profile risk comes from offensive cyberattacks.

Launch systems are clearly distinct from operational satellite networks, but the recent action by U.S. Cyber Command to compromise the command and control systems behind Iran's missile launches has parallels. Offensive cyber attacks are not always networked activities—this is on a different level to the largescale hacks that target civilian industries and individuals. Here, offensive action often entails the compromise of individuals or direct access to physical machines. It is planned, complex, risky. It can take months or even years to execute. 

Philip Ingram, now a defense analyst after years with British Military Intelligence, told me that attacking a satellite program not only reduces capability but also carries an "economic impact—satellites are not cheap to build or launch—and undermines national confidence." The lack of international agreements governing cyberwarfare has also made it "a free for all."

And the threat is real. Research this month from a leading defense think tank suggested that U.S. and NATO satellite systems—carrying mission-critical data—are vulnerable to cyberattack, with "the potential to wreak havoc on strategic weapons systems and undermine deterrence by creating uncertainty and confusion: a significant and complex challenge due to the absence of a warning and speed of an attack, the difficulty of attribution, and the complexities associated with a proportionate response."

No comments: