China Says its New System Can Help Hack Satellites in Orbit, Fix Security Flaws

China claims to have built a new cyber defence system, called the Ontology of Cyber Situational Awareness for Satellites (OntoCSA4Sat), that is capable of automatically detecting security weaknesses in orbiting satellites, scientists told South China Morning Post.

OntoCSA4Sat, which was developed by the National University of Defence Technology in Changsha in collaboration with Beijing Aerospace Control Centre, reportedly maintains a detailed database of satellites that contains information not available to the public.

Cyber warfare has become a regular fixture in recent conflicts. Russia's invasion of Ukraine, for example, has been accompanied by a series of relentless cyber attacks targeting public, private and military infrastructure.

In a paper published in a domestic journal in March, lead project scientist Liu Bin reportedly wrote that "the cybersecurity arms race in space has intensified" and that China's space programme faces a “severe threat.”

“For example, the US Space Force has established Space Delta 6, a space cyber combat brigade. The US Air Force and the National Security Agency are also developing space cyber weapons,” they added.

United States Vice President Kamala Harris, meanwhile, announced on Monday, 18 April, that the US will no longer conduct anti-satellite (ASAT) missile tests which involve using ground-based missiles to destroy satellites in orbit.

In certain conditions, it is possible for hackers to interfere with or gain control of a satellite – for example, by breaking into a ground station or tampering with a user terminal and sending malicious inputs.

This would require meticulous planning and inside knowledge. Hackers have previously damaged components and held satellites hostage through ground stations, reports suggest.

The hardware and software used in modern satellites is proprietary and the details aren't revealed to the public. Communication and security protocols are also kept secret.

Using public and classified data the system reportedly discovered several possible vulnerabilities, and came up with a possible solution that would allow a space controller with little experience in cybersecurity to quickly patch up the loopholes.

The manufacturer of the satellite, however, is skeptical of these claims.

“It regards a model of CPU that is not in our satellites. Iridium does not share any specific information regarding how we secure our network," Jordan Hassin, an executive director at Iridium Communications, told SCMP.

"I can tell you that we go above and beyond industry best practices on this front," he said.

Space is headed towards commercialisation. Thanks to a decrease in launch prices, there were 145 orbital launch attempts in 2021 – the most since 1967, according to CosmoQuest.

While China was responsible of most of these launches, Elon Musk's SpaceX accounted for 31 through which it launched a staggering 989 satellites. India accounted for two launches.

SpaceX alone hopes to have as many as 42,000 satellites in its Starlink constellation, which aims to provide low-cost internet to remote locations. It already has roughly 1,500 Starlink satellites active.

Other companies are also expanding their satellite broadband services. SES has partnered with Jio in India, while Airtel is partnering with US-based Hughes Communications to offer satellite internet. Tata and Amazon are also reportedly looking into the space.

ISRO also appears to have a busy schedule in 2022. ISRO Chairman K Sivan said that the agency had plenty of missions to execute this year, including the launch of EOS-6 on board the PSLV, and the EOS-02 on board the maiden flight of the Small Satellite Launch Vehicle (SSLV).

India is looking to up its satellite launching capacity in the near future.

(With inputs from South China Morning Post)