Pages

17 July 2019

Crashed UAE Military Spy Satellite Raises Possibility Of Enemy Cyberattack

Zak Doffman

An investigation has been launched by the European Space Agency (ESA) and French aerospace group Arianespace into the failed launch of a rocket carrying a military spy satellite into space for the United Arab Emirates. Two minutes after take-off, a "major anomaly" sent the expensive, high-tech payload into the Atlantic—the first failure for Arianespace's Vega rockets after 14 successful missions.

The two French-built Falcon Eye satellites, of which this was the first, were designed "to provide a wholly new capability to [the UAE's] military," according to defense analysts, "representing the most advanced optics France had ever sold to another country." So much so that the program suffered significant delays as security regulations over certain component parts were worked through between France and the U.S.

Tensions remain high in the Middle East between the U.S. and regional allies on one side, and Iran on the other. The UAE is seen by Teheran as part of that enemy axis led by the U.S. and set against Iranian interests. One of the core military objectives of the Falcon Eye satellites is to monitor UAE's borders—especially its long maritime shoreline. And when it comes to the integrity of that maritime border, given those ongoing tensions, that means monitoring the activities of Iran in the Persian Gulf.

As such, in failing to launch the first Falcon Eye satellite, the UAE has lost a major surveillance advantage. The satellites, which include Thales optics capable of earth resolution down to 70 centimeters, fall under the operational remit of Abu Dhabi’s Space Reconnaissance Centre (SRC), and local media heralded the potential to provide the military with "state-of-the-art capabilities in Surveillance, Intelligence, Target Acquisition and Reconnaissance."

The prime contractor for the UAE satellite program is Airbus, and the defense giant's Head of Space Systems heralded Falcon Eye's "high-performance Earth-observation satellite system as providing an unrivaled observation capability to the Emirate’s Armed Forces." The two new satellites were designed for dual-use, meaning both military and civilian applications

Regional tensions and the continued development of Iran's offensive cyber capabilities raise the possibility of an enemy action being responsible for the unexpected launch failure. Earlier this year, reports emerged from the Middle East that Iran had failed to launch its own satellites on at least two occasions—and although the authorities in Teheran claimed those space assets were non-military, no-one was fooled.

Less than two weeks after the second failed launch, reports appeared in the New York Times (and elsewhere) of "a secret American program to sabotage Iran’s missiles and rockets."

Iran's space record is poor by any measure—almost 70% of their launches have failed, compared to the 5% industry average. Washington takes the understandable view that an Iranian space program is just a ballistic missile proving program by another name. "We have not asked and will not ask for permission to develop different types of missiles and will continue our path and our military power," President Hassan Rouhani said after reports emerged of the secret U.S. program.

The U.S. sabotage program had reportedly been years in the making and succeeded by compromising the supply chain which was equipping Iran's space program. Old school, so to speak. And while supply chain risk has not diminished, nowadays the higher-profile risk comes from offensive cyberattacks.

Launch systems are clearly distinct from operational satellite networks, but the recent action by U.S. Cyber Command to compromise the command and control systems behind Iran's missile launches has parallels. Offensive cyber attacks are not always networked activities—this is on a different level to the largescale hacks that target civilian industries and individuals. Here, offensive action often entails the compromise of individuals or direct access to physical machines. It is planned, complex, risky. It can take months or even years to execute. 

Philip Ingram, now a defense analyst after years with British Military Intelligence, told me that attacking a satellite program not only reduces capability but also carries an "economic impact—satellites are not cheap to build or launch—and undermines national confidence." The lack of international agreements governing cyberwarfare has also made it "a free for all."

And the threat is real. Research this month from a leading defense think tank suggested that U.S. and NATO satellite systems—carrying mission-critical data—are vulnerable to cyberattack, with "the potential to wreak havoc on strategic weapons systems and undermine deterrence by creating uncertainty and confusion: a significant and complex challenge due to the absence of a warning and speed of an attack, the difficulty of attribution, and the complexities associated with a proportionate response."

The enemies here are China and Russia, and the implications are serious—the "critical dependency on space has resulted in new cyber risks that disproportionately affect mission assurance." Tensions with both Russia and China are intensifying. A report for the Joint Chiefs found that the U.S. is failing to deal with Russia's growing influence on the world, and this presents a national security risk. Meanwhile, the offensive cyber strategy adopted by China and its state-sponsored hackers has been a constant backdrop to the trade and security conflict underway.

For the Chatham House authors of the report, because "both China and Russia prioritize electronic warfare, cyber attacks and superiority within the electromagnetic battlespace," and both nations have "a key focus on preventing adversarial satellite-based communication systems from impacting their operational effectiveness," the implication is that those two nations are the adversaries likely to have set out to compromise the satellite networks used by the U.S. and its allies.

So, did Iran (acting alone or as a Chinese or Russian proxy) have a hand in the destruction of the Falcon Eye 1, which belonged to a U.S. ally? And, if so, was it physical or an electronic systems cyberattack? To ask the question another way, would Iran have sabotaged the launch if it was capable of doing so?

Last month, the Cybersecurity and Infrastructure Security Agency (CISA) within the DHS issued a blanket warning about a"recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies... using destructive ‘wiper’ attacks, looking to do much more than just steal data and money."

Also last month, the National Security Agency confirmed that "there have been serious issues with malicious Iranian cyber actions in the past. In these times of heightened tensions, it is appropriate for everyone to be alert to signs of Iranian aggression in cyberspace and ensure appropriate defenses are in place."

"This is an interesting line of thought," Ingram told me. There is a "very real increase in offensive cyber being used by Russia, China, North Korea and Iran," with the clear potential for Iran to act as "a proxy for Russian or Chinese attacks."

The fact is that the cyberwar in the Middle East is ongoing. The U.S. axis, that includes Israel and Saudi Arabia and the UAE is facing down Iran and its proxies. Russia and China might be visibly on the sidelines, but they are both engaged. If there was a bad actor element to the Vega rocket crashing down to earth—which is unlikely to be disclosed—it would almost certainly have involved some level of technical support from one of Beijing or Moscow.

Ingram sees "regulating cyber warfare as like trying to put a very reluctant genie back in a bottle forcibly," and while "space programs are well protected from a cyber perspective, that doesn't preclude good old fashioned sabotage."

Chatham House takes a much dimmer view, it doesn't see the necessary level of cyber protection being in place at all—"it would be prudent to assume that an adversary is already active in [satellite] networks and focus on resilience measures—with increased urgency for advanced techniques... to identify and respond to modern threats."

Nothing has yet been confirmed, and so we await the results of the investigation. But given the circumstances, the rising tensions, the focus on cyberattacks in the space domain, Iran’s sabotaged rocket launches and the presence of Russia and China on the sidelines, it would be a most inopportune time to suffer a catastrophic and unexplained environmental issue or equipment failure.

Both Arianespace and ESA were asked whether the remit of the investigation included the possibility of a state-sponsored cyberattack or sabotage. No responses had been received at the time of publishing.

No comments:

Post a Comment