Main Image Credit Artist's impression of a Starlink satellite. Courtesy of Botnet Sky / Wikimedia Commons / CC BY-SA 4.0
With the war in Ukraine intensifying, satellite providers are experiencing jamming and cyber attacks on their systems. Given the auxiliary role that space assets play in conflict, their targeting is hardly surprising and may increase over the coming weeks. So far, the impact of these measures has been limited.
As the war in Ukraine rages on, satellite communications providers are facing cyber attacks and disruption of their services. A recent cyber attack targeted ViaSat modems that allow customers to connect to the internet, while SpaceX’s Starlink terminals were jammed. As a result, the US Cybersecurity and Infrastructure Security Agency released a statement asking network providers to remain vigilant and increase their defences, including lowering their threshold for reporting attacks.
Neither SpaceX nor ViaSat are entirely random targets. While ViaSat’s residential modems in Ukraine were affected, the company is also a defence contractor for the US government, as well as for the Ukrainian police and military. It is not at all uncommon for commercial providers to also be contractors for governments in the realm of defence – the level of bandwidth needed by militaries often surpasses the capabilities of military satellite communications alone. For example, the US military relied on commercial providers for 90% of its bandwidth over Iraq and Afghanistan.
Meanwhile, Starlink terminals were shipped to Ukraine after a public call for help on Twitter from Mykhailo Fedorov, Vice Prime Minister of Ukraine, to Elon Musk, the CEO and founder of SpaceX. What looked like an instantaneous leap into action had actually been in the making for several weeks – the Ukrainian government had already been in talks with SpaceX about providing terminals six weeks prior. The terminals allow for broadband internet services – especially useful if more conventional networks have already been disabled or destroyed. In this instance, Starlink has allowed the Aerorozvidka, an aerial reconnaissance unit, to coordinate its Unmanned Aerial Vehicles (UAVs). The terminals were affected shortly after arriving in Ukraine – according to Elon Musk, Starlink terminals ‘near conflict areas’ had been jammed for hours at a time. As a result, the company has refocused its attention towards the bypassing of jamming and the increasing of cyber defences at the cost of other projects, such as Starship.
Jamming as a War Tactic
The occurrence of jamming and cyber attacks is not altogether surprising, for several reasons. Firstly, jamming is considered a standard tactic and a part of modern conflict. Given the auxiliary role that space assets hold for militaries – think communications, positioning, timing and so on – it naturally follows that these assets become targets themselves. This includes every part of the connection: ground terminals, satellites and the links between them. By disabling assets through jamming or spoofing – disrupting the signal or feeding wrong information – crucial streams of information are shut off. The Russians know this too, and have turned this into one of their focus points in modern warfare – Russian military doctrine emphasises ‘information dominance’. While the source of the ViaSat cyber attack has not been confirmed with certainty, the US has made public that jamming of GPS signals above Ukraine can be traced back to Russia. This is hardly unexpected, given that the jamming of GPS in eastern Ukraine has been a regular occurrence since the annexation of Crimea in 2014.
Given the auxiliary role that space assets hold for militaries in terms of communications, positioning, timing and so on, it naturally follows that these assets become targets themselves
Both cyber and jamming tactics are popular weapons as they are temporary and reversible. During jamming, a noise of the same radio frequency is emitted – the receiver then finding it difficult to distinguish between the original signal and the jamming signal. A signal can be jammed on both ends – on its way to the satellite (uplink) and on the way down to the terrestrial receiver (downlink). Technically, uplink jamming is more difficult, as more power is required to reach the satellite; however, when jamming the downlink, the jammer must be within the field of the terminal, so the effect is more localised. Generally speaking, jamming is neither difficult to do nor particularly costly. In fact, satellite jammers can be bought on the internet. An additional benefit of this type of electronic anti-satellite weapon, similar to a cyber attack, is that it can be difficult to attribute. The US military has disclosed that it self-jams its own systems 23 times per month on average due to accidental interference. Therefore, it can be difficult to distinguish between accidental and purposeful disruptions.
There are defences against both cyber attacks and jamming. Generally speaking, commercial satellites will have in-built protection, though they will be less hardened and resilient than military providers. This does not mean, however, that states and their militaries should stop using commercial providers – the opposite is the case. Resilience lies in the diversity of systems. Since providers operate on different frequency bands – and jammers are usually only designed to jam a particular frequency – this means that if several providers are used at once, it will be more difficult for an attacker to disrupt multiple services at the same time. The corollary is that a system of systems, involving both military and commercial providers, makes for the most resilient network.
What Will Happen Next?
As SpaceX is working on beefing up its cyber and jamming defences, the targeting of space assets raises a set of questions about the embroiling of commercial companies in a conflict. These questions are similar to those around the impact that the provision of satellite imagery and the use of open-source intelligence more generally has had on modern conflicts. The fact that SpaceX set to work and installed new software to circumvent the issue suggests that this was not something that was previously anticipated when designing the Starlink system. After all, who would want to deliberately shut off broadband internet services? The question seems ludicrous until you find yourself in a conflict zone, where the internet allows people to share information about the situation on the ground, stay in touch with each other, organise themselves, and in this case, allows for target acquisition. While the attacks on commercial providers have been widely publicised, their impact so far seems limited. At the time of writing, ViaSat was still working to reduce the impact of the attack on its end customers, and Starlink internet appears to be available. According to a US defence official, however, Russia has not yet deployed ‘the full scope of [its] electronic warfare capabilities’. Therefore, further cyber and jamming attacks can be expected in the coming weeks.
The views expressed in this Commentary are the author’s, and do not represent those of RUSI or any other institution.
Have an idea for a Commentary you’d like to write for us? Send a short pitch to firstname.lastname@example.org and we’ll get back to you if it fits into our research interests. Full guidelines for contributors can be found here.
Research Analyst and Policy Lead