Government report finds satellite security lax

Amid heightened concerns about the security of the U.S. communications infrastructure, the General Accounting Office released a report Thursday warning that the nation’s commercial satellites have been largely ignored in discussions of critical infrastructure protection and are vulnerable to attack from malicious hackers.

The report, “Critical Infrastructure Protection: Commercial Satellite Security Should Be More Fully Addressed,” was completed in August and found critical vulnerabilities in the nation’s commercial satellite network. The report further suggests that federal agencies using commercial satellites may be exposing sensitive data to unauthorized snooping. A copy of the report was posted on the GAO’s Web site.

Despite using encryption to protect communications and physical security measures to harden ground stations, federal agencies rely on commercial satellite service providers to secure tracking, telemetry and control links, satellites and satellite control stations.

Those measures fall well short of the standards that the government uses to secure its own satellite network and satellites used by global positioning system technology, according to the report.

In addition, the report found that federal agencies have little recourse to improve the security of the commercial satellite networks they use. Federal laws governing satellite system security apply only to satellites used for national security. As a result, government agencies cannot impose specific security requirements on satellite service providers whose satellites are used for other purposes.

At the same time, the report notes the increased importance of satellite communications to the nation’s information infrastructure, and the increasing dependence of the federal government on commercial satellites. Traffic from federal agencies already makes up 10% of all traffic handled by commercial satellites, and up to 45% of all federal government traffic between the Persian Gulf region and the U.S. is carried over commercial satellite networks, the report notes.

The report recommends expanding the current federal policy governing satellite security to cover commercial satellites used by government agencies.

In addition, the report recommends practical ways to better secure commercial satellite communications, such as scrambling telemetry tracking and control communications using cryptography or spread spectrum communications, improving the security of satellites with attack-resistant components, ensuring redundancy in communications networks to guard against the loss of one or more commercial satellites, and better securing ground stations used for commercial satellite communications.

The report was requested by Maine Republican Senator Susan Collins, ranking minority member of the Senate’s Committee on Governmental Affairs.

In a statement released by Senator Collins’ office, she urged National Security Advisor Condoleezza Rice and Richard Clarke, special advisor to the president for cyberspace, to take a close look at the findings of the report and consider including commercial satellites as part of the nation’s critical infrastructure.

The White House did not respond to requests for comment on the report.