This is the accessible text file for GAO report number GAO-02-781 
entitled 'Critical Infrastructure Protection: Commercial Satellite 
Security Should Be More Fully Addressed' which was released on October 
03, 2002.



This text file was formatted by the U.S. General Accounting Office 

(GAO) to be accessible to users with visual impairments, as part of a 

longer term project to improve GAO products’ accessibility. Every 

attempt has been made to maintain the structural and data integrity of 

the original printed product. Accessibility features, such as text 

descriptions of tables, consecutively numbered footnotes placed at the 

end of the file, and the text of agency comment letters, are provided 

but may not exactly duplicate the presentation or format of the printed 

version. The portable document format (PDF) file is an exact electronic 

replica of the printed version. We welcome your feedback. Please E-mail 

your comments regarding the contents or accessibility features of this 

document to Webmaster@gao.gov.



Report to the Ranking Minority Member, Permanent Subcommittee on 

Investigations, Committee on Governmental Affairs, U.S. Senate:



August 2002:



Critical Infrastructure Protection:



Commercial Satellite Security Should Be More Fully Addressed:



GAO-02-781:



GAO Highlights:



CRITICAL INFRASTRUCTURE PROTECTION: 

Commercial Satellite Security Should Be More Fully Addressed:



Highlights of GAO-02-781, a report to the Ranking Minority Member, 

Permanent Subcommittee on Investigations, Committee on Governmental 

Affairs, United States Senate:



Why GAO Did This Study:



Because the federal government relies on commercial satellites, 

security threats leading to their disruption or loss would put 

government functions (including communications and information 

transmission) at significant risk. Accordingly, GAO was asked 

to review, among other things, the techniques used by federal 

agencies to reduce the risk associated with using commercial 

satellite systems, as well as efforts to improve satellite system 

security undertaken as part of federal efforts in critical 

infrastructure protection. 



What GAO Found:



Although federal agencies rely on commercial satellites, federal 

customers do not dominate the commercial satellite market, 

accounting for only about 10 percent of it. As a result, federal 

customers generally have not influenced security techniques used 

for commercial satellites. Federal agencies do reduce their risk 

by securing those system components under their control—the data 

links and communications ground stations—but most components are 

typically the responsibility of the satellite service provider: 

the satellite; the telemetry, tracking, and control links; and the 

satellite control ground stations (see figure below). Some federal 

agencies also mitigate risk by relying on redundant or backup 

capabilities, such as additional satellite services. 



In 1998, Presidential Decision Directive 63 was issued to improve the 

federal approach to protecting our nation’s critical infrastructures 

(such as telecommunications, energy, banking and finance, and 

transportation) by establishing partnerships between private-sector 

entities and the federal government. To date, the satellite industry 

has not been included as part of this national effort. Further, federal 

policy governing the security of satellite systems used by agencies 

addresses only those satellites used for national security information 

and pertains only to techniques associated with the links between 
ground 

stations and satellites or links between satellites. Without 
appropriate 

governmentwide policy to address the security of all satellite 
components 

and of non–national-security information, federal agencies may not, for 

information with similar sensitivity and criticality, consistently (1) 

secure data links and communication ground stations or (2) use 
satellites 

that have certain security controls that enhance availability.



Figure: Commercial Satellite System Showing Components Not Controlled 
by 

Government Agencies

 

[See PDF for image]



Source: GAO analysis.



[End of figure]



What GAO Recommends:



To ensure that these assets are protected from unauthorized access and 

disruption, GAO recommends that steps be taken to promote the 
appropriate 

development and implementation of policy regarding the security of 

satellite systems. GAO also recommends that commercial satellites be 

identified as a critical infrastructure (or as part of an already 
identified 

one) in the national critical infrastructure protection strategy. 



In commenting on a draft of this report, agencies included in our 
review 

concurred with our findings and recommendations. In addition, these 

agencies and private-sector entities provided technical comments, which 

were included in the report, as appropriate. 



This is a test for developing highlights for a GAO report. The full 
report, 

including GAO’s objectives, scope, methodology, and analysis is 
available 

at www.gao.gov/cgi-bin/getrpt?GAO-02-781. For additional information 
about 

the report, contact Robert Dacey (202-512-3317). To provide comments on 

this test highlights, contact Keith Fultz (202-512-3200) or E-mail 

HighlightsTest@gao.gov. 



Contents:



Letter:



Results in Brief:



Background:



Security Techniques Are Available to Protect TT&C and Data Links, 

Satellites, and Ground Stations:



Federal Satellite Users Can Reduce Risks Only in Certain Areas, and 

National Policy Is Limited:



National CIP Initiatives Addressing Satellite Security Have Been 

Limited:



Conclusions:



Recommendations:



Agency Comments and Our Evaluation:



Appendixes:



Appendix I: Objectives, Scope, and Methodology:



Appendix II: Comments from the Department of Defense:



Appendix III: Comments from the Department of Commerce:



Appendix IV: Comments from the National Aeronautics and Space

Administration:



Tables :



Table 1: Civilian Agency Use of Commercial Satellites:



Table 2: Unintentional Threats to Commercial Satellite Systems:



Table 3: Intentional Threats to Commercial Satellite Systems:



Table 4: Security Techniques Available to Address Unintentional and 

Intentional Threats:



Figures:



Figure 1: Key Components of a Satellite System:



Figure 2: Entities with CIP Responsibilities as Outlined byPDD 63:



Figure 3: Commercial Satellite System Showing Components Not Controlled 

by Government Agencies:



Abbreviations:



CIA: Central Intelligence Agency:



CIAO: Critical Infrastructure Assurance Office:



CIP: critical infrastructure protection:



CNSS: Committee on National Security Systems:



DOD: Department of Defense:



EMP: electromagnetic pulse:



EPA: Environmental Protection Agency:



FAA: Federal Aviation Administration:



FBI: Federal Bureau of Investigation:



FCC: Federal Communications Commission:



FEMA: Federal Emergency Management Agency:



GPS: Global Positioning System:



HHS: Department of Health and Human Services:



ISAC: information sharing and analysis center:



NASA: National Aeronautics and Space Administration:



NCC: National Coordinating Center for Telecommunications:



NDIA: National Defense Industrial Association:



NOAA: National Oceanic and Atmospheric Administration:



NSA: National Security Agency:



NSTISSP: National Security Telecommunications and Information Systems 

Security Policy:



NTIA: National Telecommunications and Information Administration:



NTISSP: National Telecommunications and Information Systems Security 

Policy:



OSTP: Office of Science and Technology Policy:



PDD: Presidential Decision Directive:



RF: radio frequency:



TT&C: tracking, telemetry, and control:



Letter August 30, 2002:



The Honorable Susan Collins

Ranking Minority Member

Permanent Subcommittee on Investigations

Committee on Governmental Affairs

United States Senate:



Dear Senator Collins:



Government and private-sector entities rely on satellites for services 

such as communication, navigation, remote sensing, imaging, and weather 

and meteorological support. Although the government owns satellites, it 

also relies for certain services on satellites owned and operated by 

commercial satellite service providers. For example, the Department of 

Defense (DOD) typically relies on commercial satellites to fulfill its 

communications and information transmission requirements for non-

mission-critical data and to augment its military satellite 

capabilities. The importance of commercial satellites for DOD is 

evident during times of conflict: according to a DOD study, commercial 

communications satellites were used in 45 percent of all communications 

between the United States and the Persian Gulf region during Desert 

Shield/Desert Storm.[Footnote 1] Further, the federal government’s 

reliance on commercial satellites is expected to grow.



The commercial satellite industry is also a critical component of the 

worldwide and national economy: the industry generated $85 billion in 

revenue in 2000. Accordingly, disruption of satellite services, whether 

intentional or not, can have a major adverse economic impact. One 

indication of the importance of satellite services was provided in 1998 

by the failure of the Galaxy IV satellite, which disrupted 80 to 90 

percent of 45 million pagers across the United States for 2 to 4 days 

and blocked credit card authorization at point-of-sale terminals (such 

as gasoline pumps).



Satellites are vulnerable to various threats. Protecting satellite 

systems against these threats requires attention to (1) the satellite; 

(2) the satellite control ground stations, which perform tracking and 

control functions to ensure that satellites remain in the proper orbits 

and which monitor satellite performance; (3) the communications ground 

stations, which process the data being sent to and from satellites; and 

(4) communications links between satellites and ground stations--both 

those that transmit the tracking and control information and those that 

transmit the data. Security threats to any part of the system could put 

government and commercial functions at significant risk. Accordingly, 

at your request, we reviewed (1) what security techniques are available 

to protect satellite systems from unauthorized use, disruption, or 

damage; (2) how federal agencies reduce the risk associated with their 

use of commercial satellite systems; and (3) what federal critical 

infrastructure protection (CIP) efforts are being undertaken to address 

satellite system security through improved government and private-

sector cooperation. To accomplish these objectives, we reviewed 

technical documents, policy, and directives and interviewed pertinent 

officials from federal agencies and the private sector involved in 

developing, operating, maintaining, and protecting satellite systems. 

Appendix I provides further details on our objectives, scope, and 

methodology.



Results in Brief:



Techniques to protect satellite systems from unauthorized use and 

disruption include the use of robust hardware on satellites, physical 

security and logical access controls[Footnote 2] at ground stations, 

and encryption of the signals for tracking and controlling the 

satellite and of the data being sent to and from satellites. Commercial 

satellite service providers stated that they provide some of these 

security techniques to meet most of their customers’ security 

requirements and that they base their decisions on business objectives. 

For example, commercial satellite providers stated that they use backup 

satellites and redundant satellite features to ensure availability. 

However, commercial satellite providers generally do not use the more 

stringent techniques used in national security satellites for 

protection against deliberate disruption and exploitation.



When using commercial satellites, federal agencies reduce risks by 

securing the data links and ground stations that send and receive data. 

However, federal agencies do not control the security of the tracking 

and control links, satellites, or tracking and control ground stations, 

which are typically the responsibility of the satellite service 

provider. Further, although the federal government relies on commercial 

satellites, federal customers make up only about 10 percent of the 

commercial satellite market and accordingly have had limited influence 

over security techniques employed by commercial satellite service 

providers. To mitigate risk, some federal agencies also rely on 

redundant or backup capabilities, such as additional satellite 

services. Aspects of satellite system security have been addressed in 

federal policy, but this policy is limited because it pertains only to 

satellite and supporting systems that are used for national security 

information, addresses only techniques associated with the links, and 

does not have an enforcement mechanism. Without appropriate 

governmentwide policy to address the security of all satellite 

components and of non-national-security information, federal agencies 

may not, for information with similar sensitivity and criticality, 

consistently (1) secure data links and communication ground stations or 

(2) use satellites that have certain security controls that enhance 

availability. Recent initiatives by the Executive Branch have 

acknowledged these policy limitations, but we are not aware of specific 

actions to address them.



It is important to our nation’s economy and security to protect against 

attacks on its computer-dependent critical infrastructures (such as 

telecommunications, energy, and transportation), many of which are 

privately owned. In 1998, Presidential Decision Directive 63 was issued 

to improve the federal approach to protecting our nation’s critical 

infrastructures by establishing partnerships between private-sector 

entities and the federal government. However, the satellite industry 

has not been included as part of this national effort, and there are no 

plans to include it. In addition, the July 2002 national strategy for 

homeland security does not suggest that the satellite industry be 

included in the approach to protecting our critical 

infrastructures.[Footnote 3] In light of the nation’s growing reliance 

on commercial satellites to meet military, civil, and private-sector 

requirements, omitting satellites from our nation’s approach leaves a 

critical aspect of our nation’s infrastructures without focused 

attention.



Because of the importance of the satellite industry to our nation, we 

recommend that steps be taken to promote appropriate revisions to 

existing policy and the development of new policy regarding the 

security of satellite systems, to ensure that federal agencies 

appropriately address the use of commercial satellites, including the 

sensitivity of information, security techniques, and enforcement 

mechanisms. In addition, we are recommending that commercial satellites 

be identified as a critical infrastructure sector (or as part of an 

already identified critical infrastructure sector) in the national CIP 

strategy, to help ensure that these assets are protected from 

unauthorized access and disruption.



We received written comments on a draft of this report from the 

Department of Defense; the National Oceanic and Atmospheric 

Administration, Department of Commerce; and the National Aeronautics 

and Space Administration. The Departments of Defense and Commerce and 

the National Aeronautics and Space Administration concurred with our 

findings and recommendations (see apps. II, III, and IV, respectively) 

and provided technical comments that have been incorporated in the 

report, as appropriate (some of these technical comments are reproduced 

in the appendixes). We received technical oral comments from officials 

from the Critical Infrastructure Assurance Office, Department of 

Commerce; Federal Aviation Administration, Department of 

Transportation; Office of Management and Budget; and United States 

Secret Service, Department of Treasury; in addition, we received 

written and oral technical comments from five participating private-

sector entities. Comments from all these organizations have been 

incorporated into the report, as appropriate.



Background:



Satellites provide many significant services, including communication, 

navigation, remote sensing, imaging, and weather and meteorological 

support. Satellites support direct radio communication and provide 

television broadcast and cable relay services, as well as home 

reception. Satellite services also support applications such as mobile 

and cellular communication, telemedicine, cargo tracking, point-of-

sale transactions, and Internet access. Satellites also provide 

redundancy and backup capabilities to ground-based communications, as 

was demonstrated after the events of September 11, 2001, when 

satellites provided critical communications while ground-based lines 

were unavailable.



The commercial satellite industry includes manufacturers, the launch 

industry, service providers, and ground equipment manufacturers. 

Manufacturers design and build satellites, supporting systems, and 

ground stations. The launch industry uses launch vehicles, powered by 

rocket engines, to place satellites in orbit. Once commercial 

satellites are in orbit, they are operated by service providers, who 

lease available services. Commercial satellite service clients include 

telecommunication companies, television networks, financial 

institutions, major retailers, Internet service providers, and 

governments. Some companies resell leased satellite services to their 

clients. For example, major telecommunication companies sometimes 

include satellite services in their product line. Ground equipment 

manufacturers build and sell the items needed to use satellite 

services, such as ground station hardware (antennas), data terminals, 

mobile terminals (truck-mounted units), and consumer electronics 

(satellite phones). For the year 2000, the commercial satellite 

industry generated revenues of $85.1 billion:[Footnote 4] $17.2 billion 

for satellite manufacturing, $8.5 billion for the launch 

industry,[Footnote 5] $41.7 billion for satellite services, and $17.7 

billion for ground equipment manufacturing,[Footnote 6] according to an 

industry association.



Federal agencies also own and operate satellites. For example, the U.S. 

military and intelligence communities have satellites to provide 

capabilities for reconnaissance, surveillance, early warning of missile 

launches, weather forecasts, navigation, and communications. In 

addition, some federal civilian agencies own satellites that are used 

for communications, scientific studies, and weather forecasting.



Further, federal agencies use commercial satellites for services such 

as communications, data transmission, and remote sensing. For example, 

DOD typically relies on commercial satellites to fulfill its 

communications and information transmission requirements for non-

mission-critical data and to augment its military satellite 

capabilities. The National Defense Industrial Association (NDIA) 

reported in December 1998 that the government’s overall use of 

commercial satellites for communications and remote sensing is expected 

to grow significantly because of increased communications requirements. 

According to a DOD official, the department’s reliance on commercial 

satellites is expected to grow through 2020. After 2020, DOD officials 

anticipate that commercial satellites will provide only surge capacity, 

as additional military satellites are expected to be operational. In 

addition to the U.S. military, several civilian government agencies 

also rely on commercial satellite systems. Table 1 provides brief 

descriptions of the use of commercial satellites by four civilian 

agencies included in our review.



Table 1: Civilian Agency Use of Commercial Satellites:



Agency: National Aeronautics and Space Administration; Use of 

commercial satellites: To serve as an alternative means of transmitting 

launch commands and scientific data when there are geographical 

limitations to terrestrial communications networks.



Agency: United States Secret Service; Use of commercial satellites: To 

provide, on a limited basis, communications when other methods are not 

available.



Agency: Federal Aviation Administration; Use of commercial satellites: 

To transmit corrected Global Positioning System data to aircraft and 

for remote location air traffic control communications.



Agency: National Oceanic and Atmospheric Administration/ 

National Weather Service; Use of commercial satellites: To disseminate 

imagery, graphic, and text data on weather conditions around the earth.



Source: Cited agencies.



[End of table]



Collectively, the federal government does not dominate the commercial 

satellite market. According to commercial satellite industry officials, 

the revenue provided to the satellite industry by the federal 

government represents about 10 percent of the commercial satellite 

market.



However, the importance of commercial satellites for government 

operations is evident during times of conflict. For example, according 

to a DOD study, commercial communications satellites were used in 45 

percent of all communications between the United States and the Persian 

Gulf region during Desert Shield/Desert Storm. Further, during 

operations in Somalia from December 1992 through March 1994, U.S. 

military and commercial satellite coverage was not available, so 

Russian commercial satellites were used. DOD currently reports 

approximately 50 percent reliance on commercial satellites for wideband 

services,[Footnote 7] which are leased through the Defense Information 

Systems Agency’s Commercial Satellite Communications Branch.[Footnote 

8]



The commercial satellite industry is a global industry that includes 

many foreign-owned corporations as well as partnerships between U.S. 

and foreign corporations. As a result, the U.S. government depends on 

foreign and international companies. For example, some commercial space 

systems of foreign origin are used by the U.S. military for imagery and 

communications support. NDIA reported that foreign ownership of 

satellites is expected to grow and predicted that by 2010, 80 percent 

of commercial communication satellite services could be provided by 

foreign-owned companies. This globalization of the satellite industry 

could affect the availability of commercial satellite systems to U.S. 

government or commercial entities through frequency allocations, 

tariffs, politics, and international law.



Satellites Operate through a System of Links and Ground Stations:



A satellite system consists of ground stations, tracking and control 

links (commonly referred to as the tracking, telemetry, and control 

(TT&C) links) and data links, and satellites. Figure 1 illustrates the 

basic satellite system components.



Figure 1: Key Components of a Satellite System:



[See PDF for image]



Source: GAO analysis.



[End of figure]



As the figure shows, two kinds of ground stations are associated with 

satellites: control stations and communications stations. Control 

stations perform tracking and control functions to ensure that 

satellites remain in the proper orbits (commonly referred to by the 

industry as “station keeping”) and to monitor their performance. 

Communications ground stations process imagery, voice, or other data 

and provide, in many cases, a link to ground-based terrestrial network 

interconnections.



The links between the two types of ground stations and the satellites 

are referred to by their function: TT&C and data links. TT&C links 

exchange commands and status information between control ground 

stations and satellites. Data links exchange communications, 

navigation, and imaging data between communications ground stations and 

satellites. As shown in figure 1, links are also distinguished by the 

direction of transmission: uplinks go from Earth to space, and 

downlinks from space to Earth. Satellites can also communicate with 

each other; these links are referred to as cross-links.



The final component of the system is the satellite. Every satellite has 

a “payload” and a “bus.” The payload contains all the equipment a 

satellite needs to perform its function, and it differs for every type 

of satellite. For example, the payload for a weather satellite includes 

cameras to take pictures of cloud formations, while the payload for a 

communications satellite includes transponders to relay data (for 

example, television or telephone signals).[Footnote 9] The bus carries 

the payload and additional equipment into space and provides electrical 

power, computers, and propulsion to the entire spacecraft. A satellite 

can serve simply as a relay between a source and a destination (for 

example, a communications satellite), or it can perform processing of 

data and communicate the data to a communications ground station (for 

example, an imaging satellite).



Satellite Systems Are Vulnerable to a Range of Threats:



Satellite systems face unintentional threats to all parts of the 

system; such threats can be ground-based, space-based, and 

interference-oriented. The probability of these threats occurring and 

the difficulty of exploiting these vulnerabilities vary. Table 2 

displays some of these threats and the vulnerable components.



Table 2: Unintentional Threats to Commercial Satellite Systems:



[See PDF for image]



Source: DOD and GAO analysis.



[End of table]



Ground stations are vulnerable to damage or destruction by natural 

terrestrial threats such as earthquakes, floods, thunderstorms, 

lightning, dust storms, heavy snows, tropical storms, tornadoes, 

corrosive sea spray, and salt air. In addition, they could also be 

affected by natural conditions and environmental hazards, such as air 

pollution and adverse temperature environments, as well as power 

outages.



Satellites are physically vulnerable to space-based environmental 

anomalies resulting from natural conditions and man-made artifacts. 

Space-based threats include solar and cosmic radiation and related 

phenomena, solar disturbances, temperature variations, and natural 

objects (meteoroids and asteroids). In addition, the growing number of 

satellites is contributing to the problem of space “junk” (spacecraft 

and debris). As of May 2002, DOD identified over 9,000 man-made objects 

in space, including active satellites. As additional satellites are 

developed and deployed, DOD officials stated that the threat of 

collisions caused by the proliferation of satellites and accompanying 

debris could increase.



Links are vulnerable both to natural conditions (in space and in the 

atmosphere) and to congestion. Links can be severely degraded by the 

effects of solar activity and atmospheric and solar disturbances. Both 

orbital and spectral congestion are a threat to links (as well as to 

satellites).[Footnote 10] Such congestion may restrict the future use 

of potential orbits and frequencies and cause unintentional 

interference to satellite services. According to one commercial service 

provider, satellite service providers worldwide work together to 

resolve interference problems, which are common. In addition, 

commercial satellite interference is regulated both internationally and 

nationally. The International Telecommunication Union specifies 

interference resolution policies and procedures, including those for 

harmful interference.[Footnote 11] Further, within the United States, 

the Federal Communications Commission (FCC)[Footnote 12] has the 

capability to track the location of interference, at a service 

provider’s request. Also, service providers told us that they could 

locate and identify unintentional or unauthorized users through a 

technique called triangulation. Once an unauthorized user is located, a 

commercial service provider can jam that user’s signal if the user 

cannot be persuaded to stop using the satellite. However, according to 

industry officials, typically an unauthorized user would be identified, 

located, and contacted through a combination of industry and government 

resources before such jamming would be needed.



In addition, satellite systems are vulnerable to many forms of 

intentional human attacks that are intended to destroy ground stations 

and satellites or interfere with the TT&C links, data links, and cross-

links. According to DOD and the private sector, the probability of 

these threats occurring and the difficulty of exploiting these 

vulnerabilities vary. Table 3 shows some of these intentional threats.



Table 3: Intentional Threats to Commercial Satellite Systems:



[See PDF for image]



Source: GAO analysis.



[End of table]



All types of ground stations are potentially vulnerable to threats of 

physical attack and sabotage. These threats could target all satellite 

ground components, including launch facilities, command and control 

facilities, and supporting infrastructures.



Space-based threats to satellites are proliferating as a result of the 

growing availability of technology around the world. According to DOD, 

potential space-based weapons include interceptors, such as space mines 

and orbiting space-to-space missiles, and directed-energy weapons. 

Directed-energy weapons include ground-based, airborne, and space-

based weapons that use laser energy to damage or destroy satellite 

services, and nuclear weapons that generate nuclear radiation and 

electronic pulses, resulting in direct damage to the orbital 

electronics by the primary and secondary effects of a detonation.



Ground stations, links, and supporting communications networks are all 

vulnerable to cyber attacks. Potential cyber attacks include denial of 

service, malicious software, unauthorized monitoring and disclosure of 

sensitive information (data interception), injection of fake signals or 

traffic (“spoofing”), and unauthorized modification or deliberate 

corruption of network information, services, and databases. For 

example, malicious software (such as computer viruses) can be 

(1) implanted into computer systems during development or inserted 

during operations; (2) used to manipulate network protocols, deny data 

or service, destroy data or software, and corrupt, modify, or 

compromise data; and (3) used to attack processor-controlled 

transmission equipment, control systems, or the information being 

passed.



Links are particularly susceptible to electronic interference threats 

capable of disrupting or denying satellite communications. These 

threats include spoofing and jamming. A spoofer emits false, but 

plausible, signals for deception purposes. If false commands could be 

inserted into a satellite’s command receiver (spoofing the receiver), 

they could cause the spacecraft to tumble or otherwise destroy itself. 

It is also feasible to insert false information or computer viruses 

into the terrestrial computer networks associated with a space system, 

either remotely or through an on-site connection. Such an attack could 

lead to space system degradation or even complete loss of spacecraft 

utility.



A jammer emits noise-like signals in an effort to mask or prevent the 

reception of desired signals and can be used to disrupt uplinks, 

downlinks, and cross-links. An uplink jammer attempts to inject noise 

or some other signal into the targeted satellites’ uplink receivers. In 

general, an uplink jammer must be roughly as powerful as the emitter 

associated with the link being jammed.



Downlink jamming attempts to inject noise or some other signal directly 

into earth terminal receivers. The targets of downlink jammers are 

ground-based satellite data receivers, ranging from large fixed ground 

sites to handheld Global Positioning System (GPS) user terminals. Since 

downlink jammers have a range advantage over the space-based emitters, 

they can often be much less powerful. Downlink jamming is generally 

easier to accomplish than uplink jamming, since very low-power jammers 

are often suitable. Since a downlink may be received by multiple earth 

terminals, it is often more difficult to jam more than a few earth 

terminals through downlink jamming than through uplink jamming, 

especially if the receiver terminals are dispersed across a significant 

geographical area.



A cross-link jammer attempts to inject noise or some other signal 

between two satellites communicating directly with each other. Because 

it is considered the most complex and difficult approach to satellite 

jamming, according to a DOD document,[Footnote 13] cross-link jamming 

is considered a lower probability threat than uplink and downlink 

jamming.



Satellite Vulnerabilities Have Led to Disruptions:



Satellite services have been disrupted or denied as a result of system 

vulnerabilities. Below is a list of satellite-related incidents that 

have been publicly reported in which services were interrupted 

unintentionally or intentionally because of satellites’ 

vulnerabilities to jamming and equipment failure:



* In April 1986, an insider, working alone under the name “Captain 

Midnight” at a commercial satellite transmission center in central 

Florida, succeeded in disrupting a cable network’s eastern uplink feed 

to the Galaxy I satellite. Although this event was a minor annoyance, 

it had the potential for disrupting services to satellite users.



* Starting in 1995, MED-TV, a Kurdish satellite channel, was 

intentionally jammed (and eventually had its license revoked) because 

its broadcasts promoted terrorism and violence.



* In 1997, while a GPS transmitter was being tested on the ground, it 

unintentionally interfered with the GPS receivers of a commercial 

aircraft in the area. The plane temporarily lost all of its GPS 

information.



* In 1997, Indonesia intentionally interfered with and denied the 

services of a commercial satellite belonging to the South Pacific 

island kingdom of Tonga because of a satellite orbital slot dispute.



* In 1998, the failure of PANAMSAT’s Galaxy IV satellite, attributable 

to an on-board processor anomaly, disabled 80 to 90 percent of 45 

million pagers across the United States for 2 to 4 days, leaving 

approximately 70 percent of a major oil company’s customers without the 

ability to pay for services at the pump.



Critical Infrastructure Protection Policy Addresses Information 

Security of Key Sectors:



Recognizing that our nation’s critical infrastructures, including 

telecommunications, energy, banking and finance, transportation, and 

satellites, are the foundation of our economy, national security, and 

quality of life, in October 1997 the President’s Commission on Critical 

Infrastructure Protection issued a report recommending several measures 

to achieve a higher level of protection of critical infrastructures. 

These measures included industry cooperation and information sharing, 

the creation of a national organization structure, a revised program of 

research and development, a broad program of awareness and education, 

and reconsideration of laws related to infrastructure protection. The 

report also described the potentially devastating implications of poor 

information security from a national perspective. The report stated 

that a comprehensive effort would need to “include a system of 

surveillance, assessment, early warning, and response mechanisms to 

mitigate the potential for cyber threats.”[Footnote 14]



Presidential Decision Directive (PDD) 63, issued in 1998 to improve the 

federal government’s approach to critical infrastructure protection 

(CIP), describes a strategy for cooperative efforts by government and 

the private sector to protect critical computer-dependent operations. 

The directive called on the federal government to serve as a model of 

how infrastructure assurance is best achieved, and it designated lead 

agencies to work with private-sector and government entities. To 

accomplish its goals, PDD 63 designated and established organizations 

to provide central coordination and support, including:



* the Critical Infrastructure Assurance Office (CIAO), an interagency 

office that is housed in the Department of Commerce, which was 

established to develop a national plan for CIP on the basis of 

infrastructure plans developed by the private sector and federal 

agencies; and:



* the National Infrastructure Protection Center, an organization within 

the FBI, which was expanded to address national-level threat 

assessment, warning, vulnerability, and law enforcement investigation 

and response.



To ensure coverage of critical sectors, PDD 63 also identified eight 

private-sector infrastructures and five special functions; information 

and communication is one of the eight infrastructures identified. 

Further, the directive designated lead federal agencies to work with 

the private-sector entities. For example, Commerce is the lead agency 

for the information and communication sector (the responsible 

organization within Commerce is the National Telecommunications and 

Information Administration), and the Department of Energy is the lead 

agency for the electrical power industry. Similarly, for special 

function areas, DOD is responsible for national defense, and the 

Department of State is responsible for foreign affairs.



To facilitate private-sector participation, PDD 63 also encouraged 

creation of information sharing and analysis centers (ISACs) that could 

serve as a mechanism for gathering, analyzing, and appropriately 

sanitizing and disseminating information to and from infrastructure 

sectors and the federal government through the FBI’s National 

Infrastructure Protection Center.[Footnote 15] Although most of the 

ISACs are operated by private-sector organizations, the 

telecommunications ISAC is operated by a government entity, the 

National Coordinating Center for Telecommunications (NCC), which is 

part of the National Communications System.[Footnote 16] In September 

2001, we reported that six ISACs within five infrastructures had been 

established to gather and share information about vulnerabilities, 

attempted intrusions, and attacks within their respective 

infrastructure sectors and to meet specific sector objectives.[Footnote 

17] In addition, at that time, we reported that the formation of at 

least three more ISACs for various infrastructure sectors was being 

discussed. Figure 2 displays a high-level overview of several 

organizations with CIP responsibilities, as outlined by PDD 63.



Figure 2: Entities with CIP Responsibilities as Outlined by PDD 63:



[See PDF for image]



Source: CIAO.



[End of figure]



The most recent federal cyber CIP guidance was issued in October 2001, 

when President Bush signed Executive Order 13231, Critical 

Infrastructure Protection in the Information Age, which continues many 

PDD 63 activities by focusing on cyber threats to critical 

infrastructures and creating the President’s Board on CIP to coordinate 

cyber-related federal efforts. The Special Advisor to the President for 

Cyberspace Security chairs the board.



In July 2002, the President issued a national strategy for homeland 

security that identifies 14 industry sectors, including the 8 

identified in PDD 63. The additional 6 are agriculture, food, defense 

industrial base, chemical industry and hazardous materials, postal and 

shipping, and national monuments and icons.[Footnote 18]



Current Space Policy Addresses Aspects of Federal Uses of Commercial 

Satellites:



The U.S. national space policy provides goals and guidelines for the 

U.S. space program, including the use of commercial satellites. In 

February 1991, the President issued National Space Policy Directive 3, 

which requires U.S. government agencies to use commercially available 

space products and services to the fullest extent feasible. 

Presidential Decision Directive 49, dated September 19, 1996, provides 

goals for the U.S. space program and establishes space guidelines. For 

example, a guideline regarding the commercial space industry stated 

that U.S. government agencies shall purchase commercially available 

space goods and services to the fullest extent feasible, and that, 

except for reasons of national security or public safety, they shall 

not conduct activities with commercial applications that preclude or 

deter commercial space activities. Neither the National Space Policy 

Directive 3 nor PDD 49 specifically addresses the security of satellite 

systems used by federal agencies. However, PDD 49 states that critical 

capabilities necessary for executing space missions must be ensured. 

Security of satellite systems has been addressed in policy documents 

issued by the National Security Telecommunications and Information 

Systems Security Committee (recently renamed the Committee on National 

Security Systems). The initial policy was set forth in National Policy 

on Application of Communications Security to U.S. Civil and Commercial 

Space Systems, National Telecommunications and Information Systems 

Security Policy (NTISSP) No. 1 (June 17, 1985), which governed the 

protection of command and control uplinks for government-used 

satellites other than military. This policy, which applies to space 

systems launched 5 years from the policy date (June 17, 1985), limits 

government and government contractor use of U.S. civil and commercial 

satellites to those systems using accepted techniques to protect the 

command and control uplinks.



In January 2001, a new policy governing satellite system security was 

issued, superseding NTISSP No. 1: National Information Assurance (IA) 

Policy for U.S. Space Systems, National Security Telecommunications and 

Information Systems Security Policy (NSTISSP) No. 12. NSTISSP No. 12, 

which focuses on systems used for U.S. national security information, 

aims to ensure that information assurance[Footnote 19] is factored into 

“the planning, design, launch, sustained operation, and deactivation of 

federal and commercial space systems used to collect, generate, 

process, store, display, or transmit and receive such information.” The 

policy also includes a provision addressing commercial imagery 

satellites that may be used to satisfy national security requirements 

during periods of conflict or war. The policy states that approved U.S. 

cryptographies shall be used to provide confidentiality for (1) command 

and control uplinks, (2) data links that transmit national security 

information between the ground and the space platforms, (3) cross-links 

between space platforms, and

(4) downlinks from space platforms to mission ground or processing 

centers.[Footnote 20]



Security Techniques Are Available to Protect TT&C and Data Links, 

Satellites, and Ground Stations:



A range of security techniques is available for protecting satellite 

systems: for example, using encryption on TT&C and data links, using 

robust parts on the satellites, and applying physical and cyber 

security controls at the ground stations. The application of these 

techniques varies across federal agencies and the private sector. 

Commercial satellite service providers typically use some of these 

security techniques to meet most of their customers’ security 

requirements, and they base their decisions on business objectives. 

Generally, the military applies more stringent security techniques to 

their satellites than do civilian agencies or the private sector. Table 

4 provides an overview of security techniques by satellite system 

component.



Table 4: Security Techniques Available to Address Unintentional and 

Intentional Threats:



[See PDF for image]



Source: GAO analysis.



[End of table]



Various Techniques Can Protect TT&C and Data Links:



Techniques to protect satellite links include the use of encryption, 

high-power radio frequency (RF) uplinks, spread spectrum 

communications, and a digital interface unique to each satellite. 

Commercial satellite service providers, federal satellite owners and 

operators, and customers stated that they typically use at least one of 

these techniques. Usually, only the military uses spread spectrum 

techniques.



Both TT&C and data links can be protected by encryption: generally, for 

TT&C links, the tracking and control uplink is encrypted, while the 

telemetry downlink is not. Encryption is the transformation of ordinary 

data (commonly referred to as plaintext) into a code form (ciphertext) 

and back into plaintext, using a mathematical process called an 

algorithm. Encryption can be used on data to (1) hide information 

content, (2) prevent undetected modification, and (3) prevent 

unauthorized use.



Different levels of encryption provide different levels of protection, 

including encryption approved by the National Security Agency (NSA) 

that is used for national security information. NSTISSP No. 12 requires 

approved U.S. cryptographies on TT&C and data links for U.S. space 

systems transmitting national security information. For satellite 

systems transmitting non-national-security information, there is no 

policy that security is required for the links, but satellite service 

providers and federal satellite owners and operators included in our 

review stated that they protect tracking and control uplinks with 

encryption. However, NSA officials stated that not all commercial 

providers’ tracking and control uplinks are encrypted. Concerning the 

data links, customers are responsible for determining whether they are 

encrypted or not. Most commercial satellite systems are designed for 

“open access,” meaning that a transmitted signal is broadcast 

universally and unprotected.



A second security technique for links is the use of high-power RF 

uplinks: that is, a large antenna used to send a high-power signal from 

the ground station to the satellite. To intentionally interfere with a 

satellite’s links, an attacker would need a large antenna with a 

powerful radio transmitter (as well as considerable technical 

knowledge). Two of the commercial providers we talked to stated that 

they use high-power RF uplinks as part of their satellite security 

approach. According to one commercial provider, most satellite 

operators use high-power RF uplinks for TT&C connections to block 

potential unauthorized users’ attempts to interfere with or jam the 

TT&C uplink.



A third technique for protecting links is the use of spread spectrum 

communication, a technique used by the military and not normally 

implemented by commercial providers. Spread spectrum communication is a 

form of wireless communication in which the frequency of the 

transmitted signal is deliberately varied and spread over a wide 

frequency band. Because the frequency of the transmitted signal is 

deliberately varied, spread spectrum communication can provide security 

to links because it increases the power required to jam the signals 

even if they are detected. Spread spectrum communication is primarily 

used to optimize the efficiency of bandwidth within a frequency range, 

but it also provides security benefits.[Footnote 21]



Finally, TT&C links can be protected by the use of a unique digital 

interface between the ground station and the satellite. According to 

one commercial satellite service provider, most commercial providers 

use a unique digital interface with each satellite. Tracking and 

control instructions sent from the ground station to the satellite are 

encoded and formatted in a way that is not publicly known. Officials 

from the commercial satellite vendor stated that even if an attacker 

were successful in hacking one satellite, the unique interface could 

prevent the attacker from taking control of an entire fleet of 

satellites. In addition, communication with the digital interface to 

the tracking and control links requires high transmission power, so 

that an attacker would need a large, powerful antenna.



Satellites Can Be Protected through Hardening and Redundancy:



Satellites can be protected by (1) “hardening,” through designs and 

components that are built to be robust enough to withstand harsh space 

environments and deliberate attacks, and (2) the use of redundancy--

backup systems and components. Commercial satellite service providers 

and federal civilian owners and operators told us that they do not 

harden their satellites to the extent that the military does. 

Commercial providers, federal civilian owners and operators, and the 

military use varying degrees of redundancy to protect their satellites.



As satellites rely increasingly on on-board information processing, 

hardening is becoming more important as a security technique. Hardening 

in this context includes physical hardening and electronic-component 

hardening. Satellites can be hardened against natural environmental 

conditions and deliberate attack, and to ensure survivability.[Footnote 

22] Most hardening efforts are focused on providing sufficient 

protection to electronic components in satellites so that they can 

withstand natural environmental conditions over the expected lifespan 

of the satellite, which could be nearly 15 years. For hardening against 

deliberate attacks, some techniques proposed include the use of 

reflective surfaces, shutters, and nonabsorbing materials. According to 

commercial satellite providers, commercial satellites are not normally 

hardened against non-natural nuclear radiation because it is too 

costly. The drawback of hardening is the cost and the manufacturing and 

operational burdens that it imposes on satellite manufacturers and 

providers.



The use of high-quality space parts is another approach to hardening. 

Although all parts used in satellites are designed to withstand natural 

environmental conditions, some very high-quality parts that have 

undergone rigorous testing and have appreciably higher hardness than 

standard space parts are also available, including those referred to as 

class “S” parts. These higher quality space parts cost significantly 

more than regular space parts--partly because of the significant 

testing procedures and more limited number of commercial providers 

manufacturing hardened parts. According to an industry official, high-

quality space parts are used by the military and are generally not used 

on commercial satellites.



Commercial satellite providers stated that they also use redundancy to 

ensure availability, through backup satellites and redundant features 

on individual satellites. Backup satellites enable an organization to 

continue operations if a primary satellite fails. One provider stated 

that it would rather spend resources on backup satellites than on 

hardening future satellites or encrypting the TT&C and data links. The 

provider also expressed the view that a greater number of smaller, less 

costly satellites provides greater reliability than is provided by few 

large satellites, because there is more redundancy. According to an 

industry consulting group, backup satellites, which include in-orbit 

and on-ground satellites, are part of commercial satellite providers’ 

security approaches. When backup satellites are used, they are commonly 

kept in orbit; keeping backup satellites on the ground is possible, but 

it has the disadvantage that the system cannot immediately continue 

operations if the primary satellite fails. According to one provider, 

it could take 4 to 6 months to launch a backup satellite stored on the 

ground.



In addition, individual satellites can be designed to have redundant 

parts. For example, a commercial satellite provider told us that 

redundant processors, antennas, control systems, transponders, and 

other equipment are frequently used to ensure satellite survivability. 

Another example is that satellites could have two completely separate 

sets of hardware and two paths for software and information; this is 

referred to as having an A-side and a B-side. In general, this 

technique is not used on commercial satellites, according to an 

industry official.



Ground Stations Can Be Protected Primarily by Physical Security 

Controls:



Techniques to protect ground stations include physical controls as well 

as logical security controls, hardening, and backup ground stations. 

Ground stations are important because they control the satellite and 

receive and process data. One provider stated that providing physical 

security measures to ground stations is important because the greatest 

security threat to satellite systems exists at that location.



Locations of ground stations are usually known and accessible; thus, 

they require physical security controls such as fencing, guards, and 

internal security. One provider emphasized the importance of performing 

background checks on employees. Civilian agencies also stated that they 

protected ground stations through various physical security controls: 

ground stations are fenced, guarded, and secured inside with access 

control devices, such as key cards.



The commercial satellite service providers included in our review 

stated that they did not protect their ground stations through 

hardening; this technique is primarily used by the military.[Footnote 

23] Similarly, most civilian agencies we talked to do not harden their 

ground stations. A ground station would be considered hardened if it 

had protective measures to enable it to withstand destructive forces 

such as explosions, natural disasters, or ionizing radiation.



Commercial satellite providers and federal agency satellite owners and 

operators also may maintain off-line or fully redundant ground stations 

to ensure availability, which can be used if the primary ground station 

is disrupted or destroyed. Off-line backup ground stations may not be 

staffed or managed by the same company, or on a full-time basis. In 

addition, off-line backup ground stations are not necessarily designed 

for long-term control of satellites. On the other hand, one commercial 

service provider stated that it maintained fully redundant, co-primary, 

geographically separated ground stations that are fully staffed with 

trained operators, gated with restricted access, and capable of long-

term uninterruptible power. In addition, these ground stations 

periodically alternated which satellites they were responsible for as a 

training exercise. They also operated 24 hours a day, 7 days a week, 

and monitored each other.



Federal Satellite Users Can Reduce Risks Only in Certain Areas, and 

National Policy Is Limited:



To mitigate the risk associated with using commercial satellites, 

federal agencies focus on areas within their responsibility and 

control: data links and communication ground stations. According to 

federal agency officials, agencies reduce risks associated with using 

commercial satellites by (1) protecting the data’s authentication and 

confidentiality with encryption, (2) securing the data ground stations 

with physical security controls and backup sites, and (3) ensuring 

service availability through redundancy and dedicated services. Federal 

agencies rely on commercial satellite service providers to provide the 

security techniques for the TT&C links, satellites, and satellite 

control stations. However, federal agency officials stated that they 

were unable to impose specific security requirements on commercial 

satellite service providers. Further, federal policy governing the 

security of satellite systems used by agencies is limited because it 

addresses only those satellites used for national security information, 

pertains only to techniques associated with the links between ground 

stations and satellites and between satellites (cross-links), and does 

not have an enforcement mechanism. Without appropriate governmentwide 

policy to address the security of all satellite components and of non-

national-security information, federal agencies may not, for 

information with similar sensitivity and criticality, consistently (1) 

secure data links and communication ground stations or (2) use 

satellites that have certain security controls that enhance 

availability. Recent initiatives by the Executive Branch have 

acknowledged these policy limitations, but we are not aware of specific 

actions to address them.



Agencies Provide Encryption to Protect Data:



For critical data, agencies primarily use different types of encryption 

to reduce the risk of unauthorized use or changes. For example, the 

military services use encryption to protect most data communicated over 

satellites--either commercially owned or military. DOD officials stated 

that the military services use the strongest encryption algorithms 

available from the NSA for the most sensitive information--national 

security information. For non-national-security information, the 

military services use less strong encryption algorithms, according to 

DOD officials. The National Aeronautics and Space Administration (NASA) 

also uses NSA-provided encryption for critical operations, such as 

human mission communications (that is, for space shuttle missions). 

Using NSA encryption requires encryption and decryption hardware at the 

data’s source and destination, respectively. The use of this hardware 

requires agencies and satellite service providers to apply special 

physical protection procedures--such as restricting access to the 

equipment and allowing no access by foreign nationals. For the next 

generation of government-owned weather satellites, the National Oceanic 

and Atmospheric Administration (NOAA) and the U.S. military plan to use 

an NSA-approved commercial encryption package that will avoid the need 

for special equipment and allow them to restrict the data to authorized 

users with user IDs and passwords. In addition, NOAA will be able to 

encrypt broadcast weather data over particular regions of the world.



According to NASA and NOAA officials, some agency data do not require 

protection because the risk of unauthorized use or changes is not 

significant or because the information is intended to be available to a 

broad audience. For example, NASA uses satellites to provide large 

bandwidth to transmit scientific data from remote locations. According 

to NASA officials, the agency does not protect the transmission of 

these data because they are considered academic in nature and low risk. 

In addition, the Federal Aviation Administration (FAA) does not encrypt 

links between control centers or between control centers and aircraft, 

because the data on these links go from specific air traffic control 

centers to specific aircraft. According to FAA officials, if the 

transmissions were required to be encrypted, every aircraft would have 

to acquire costly decryption equipment. Further, according to National 

Weather Service officials, the service does not protect the weather 

data transmitted over commercial satellites because the service 

considers it important to make this information widely available not 

only to its sites but also to government agencies, commercial partners, 

universities, and others with the appropriate equipment.



Agencies Provide Physical Security for Communications Ground Stations:



Federal agencies also control the security of the data ground stations 

that send and receive data over satellites. To protect these ground 

stations, federal officials stated that they use physical security 

techniques, such as those discussed earlier. They protect their 

facilities and equipment from unintentional and intentional threats 

(such as wind, snow, and vandalism). For example, according to FAA 

officials, in certain locations, FAA has hardened remote satellite 

ground stations against high wind and cold weather conditions. In 

addition, NOAA officials stated that many of their antennas are 

hurricane protected. Further, federal officials stated that they 

perform background checks on personnel. NOAA officials stated that they 

perform background checks on satellite technicians to the secret 

clearance level. Federal officials also stated that their ground 

stations are further protected because they are located on large, 

protected federal facilities. For example, military ground stations can 

be located on protected U.S. or allied military bases. Also, National 

Weather Service officials stated that the service’s primary 

communications uplink is located on a highly secured federal site. 

Further, according to DOD officials, personnel are expected to protect 

the satellite equipment provided to them in the field. Agencies also 

had backup communications sites that were geographically separated, 

including being on different power grids. For example, according to an 

official, the National Weather Service’s planned backup communications 

uplink site will be geographically separated from the primary site and 

will be on a secured federal site.



Agencies Attempt to Ensure Availability through Redundancy and 

Dedicated Services:



Federal agencies also reduce the risk associated with using commercial 

satellites by having redundant telecommunications capabilities. For 

example, for the program that provides Alaska’s air traffic control, 

FAA relies on two satellites to provide backup capacity for each other. 

In addition to this redundancy, FAA has requested its commercial 

satellite service provider to preferentially provide services to FAA’s 

Alaska air traffic control system over other customers carried on the 

same satellites. Another FAA program provides primary communications 

capabilities in remote locations and has redundant satellite capacity 

that can be used if the primary satellite fails. The National Weather 

Service is another example. The service uses redundancy to ensure the 

availability of satellite services that broadcast weather data to its 

160 locations by contracting for priority services that include 

guarantees of additional transponders or, if the satellite fails, of 

services on other satellites. In addition, the service plans to own and 

operate a backup communications center that is geographically separated 

from the primary site. The service performs monthly tests of the backup 

site’s ability to provide the communications uplink to the commercial 

satellites.



Agencies Do Not Control All Aspects of Security and Have Limited 

Ability to Influence Availability and Security Requirements:



Federal agencies rely on the commercial satellite service provider’s 

security techniques for the TT&C links, satellites, and satellite 

control ground stations. Figure 3 graphically depicts the areas not 

controlled by federal agencies.



Figure 3: Commercial Satellite System Showing Components Not Controlled 

by Government Agencies:



[See PDF for image]



Source: GAO analysis.



[End of figure]



To mitigate the risk associated with not controlling aspects of 

commercial satellite security other than protecting the data links and 

communications ground stations, federal agencies attempt to specify 

availability[Footnote 24] and reliability[Footnote 25] requirements, 

but they acknowledge having had limited influence over security 

techniques employed by commercial satellite service 

providers.[Footnote 26] Federal officials stated that they are usually 

constrained by the availability and reliability levels that can be 

provided by their telecommunications service providers. For example, 

for one program, an FAA contract requires 99.7 percent availability in 

recognition of the satellite service provider’s limitations, though the 

agency typically receives 99.8 percent. However, FAA would prefer 

99.999 percent availability on this program’s satellite communications, 

which is similar to the reliability level being received from 

terrestrial networks that FAA uses where available. According to one 

FAA official, greater satellite reliability could be gained by having 

multiple satellite service providers furnish communications over the 

same regions, but this approach is too costly.



Although maintaining established or contracted reliability levels 

generally requires that service providers maintain some level of 

security, federal officials stated that their agencies cannot usually 

require commercial satellite service providers to use specific security 

techniques. Commercial satellite service providers have established 

operational procedures, including security techniques, some of which, 

according to officials, cannot be easily changed. For example, once a 

satellite is launched, additional hardening or encryption of the TT&C 

link is difficult, if not impossible. Some service providers offer the 

capability to encrypt the command uplinks. According to FAA officials, 

FAA is in the process of performing risk assessments, in compliance 

with its own information systems security policies, on the commercial 

services (including satellite services) that it acquires. Based on 

these risk assessments, FAA officials plan to accredit and certify the 

security of the agency’s program that relies on commercial satellites.



Existing Federal Policy Concerning Commercial Satellite Security Is 

Limited:



Federal policy governing agencies’ actions regarding the security of 

commercial satellite systems is limited, in that it (1) pertains only 

to satellites used for national security purposes, (2) addresses 

security techniques associated with links only, and (3) does not have 

an enforcement mechanism for ensuring compliance. Although the 

Executive Branch has recently acknowledged these policy limitations, we 

are not aware of specific actions to address them.



NSTISSP No. 12, the current policy governing satellite system security, 

applies only to U.S. space systems (U.S. government-owned or 

commercially owned and operated space systems) that are used for 

national security information and to imagery satellites that are or 

could be used for national security purposes during periods of conflict 

or war. It does not apply to systems that process sensitive, non-

national-security information. Issued by the National Security 

Telecommunications and Information Systems Security Committee (now the 

Committee on National Security Systems (CNSS)), NSTISSP No. 12 has as 

its primary objective “to ensure that information assurance is factored 

into the planning, design, launch, sustained operation, and 

deactivation of U.S. space systems used to collect, generate, process, 

store, display, or transmit/receive national security information, as 

well as any supporting or related national security systems.” NSTISSP 

No. 12 also suggests that federal agencies may want to consider 

applying the policy’s information assurance requirements to those space 

systems that are essential to the conduct of agencies’ unclassified 

missions, or to the operation and maintenance of critical 

infrastructures.



In addition to having a focus only on national security, the policy is 

further limited in that it addresses security techniques only for the 

links. It does not include physical security requirements for the 

satellites or ground stations. Specifically, for satellite systems to 

which it applies, NSTISSP No. 12 states that approved U.S. 

cryptographies shall be used to provide confidentiality for the (1) 

command and control uplinks, (2) data links that transmit national 

security information between the ground and the space platforms, (3) 

cross-links between space platforms, and (4) downlinks from space 

platforms to mission ground or processing centers.



Also, there is no enforcement mechanism to ensure agency compliance 

with the policy. According to one NSA official on the CNSS support 

staff, enforcement of such policies has always been a problem, because 

no one has the authority to force agencies’ compliance with them. 

According to some agency officials, agencies typically do not test 

their service providers’ implementation of security procedures.



According to the federal and commercial officials involved in our 

study, no commercial satellite is currently fully compliant with 

NSTISSP No. 12, and gaining support to build compliant systems would be 

difficult. According to commercial satellite industry officials, there 

is no business case for voluntarily following the NSTISSP No. 12 

requirements and implementing them in the satellites and ground 

stations, including networks that are currently being developed.



Commercial satellite service providers also raised concerns about the 

impact of NSTISSP No. 12 on their future commercial satellite systems. 

Several officials stated that if compliance were required, it would 

significantly increase the complexity of managing the satellites, 

because encryption key management is cumbersome,[Footnote 27] and 

appropriately controlling access to the hardware is difficult in global 

companies that have many foreign nationals. Also, commercial satellite 

service providers stated that encrypting the TT&C links could increase 

the difficulty of troubleshooting, for example, because the time it 

takes to encrypt and then decrypt a command could become significant 

when a TT&C problem arises. Other issues raised that make NSTISSP No. 

12 difficult to implement include the following:



* Some satellite service providers view compliance with it as not 

necessary for selling services to the government, since in the past 

agencies have used satellites that did not comply with prior security 

policy. For example, DOD has contracted for services on satellites that 

were not compliant with the previous and existing policy for various 

reasons. However, at times, noncompliant satellites have been DOD’s 

only option.



* Commercial clients will likely be unwilling to pay the additional 

cost associated with higher levels of encryption. Significant costs 

would include licensing agreements and redesigning hardware for new 

encryption technologies.



* Satellite industry officials stated that their experience shows that 

encryption does not really provide much greater security than other 

techniques that protect TT&C and data links.



Notwithstanding the above issues, in response to the policy’s 

limitations, DOD officials from the Office of the Assistant Secretary 

of Defense for Command, Control, Communications, and Intelligence 

stated that the department had started drafting a policy that would 

require all commercial satellite systems used by DOD to meet NSTISSP 

No. 12 requirements. This draft policy includes a waiver process 

requiring prior approval before any satellite system could be used that 

did not meet the security requirements. If approved, this policy would 

apply only to DOD. DOD officials are anticipating that this policy will 

be approved by the end of 2002.



In addition to DOD’s efforts, a CNSS official stated that a draft 

policy was developed to address the lack of national policy or guidance 

for the assurance of non-national-security information. Although this 

policy was broad in scope, covering many aspects of information 

assurance, this official stated that satellite security could be 

included in its scope. However, this official also stated that the 

CNSS’s efforts ended in April 2002 when it sent the draft policy to the 

Director of the Office of Management and Budget (OMB) for 

consideration, because the CNSS lacks authority in the area of non-

national-security information. In transmitting the draft policy to the 

Director, OMB, the CNSS Chair encouraged the development of this policy 

as a first step in establishing a national policy addressing the 

protection of information technology systems that process sensitive 

homeland security information, as well as information associated with 

the operation of critical infrastructures. According to an OMB 

official, the draft policy is valuable input for future policy 

decisions related to protecting government information.



Recognizing that space activities are indispensable to our national 

security and economic vitality, on May 8, 2002, the President’s 

National Security Advisor sent a memorandum to top cabinet officials 

stating that she plans to recommend that the White House initiate a 

review of U.S. space policies that have been in place since 1996. To 

date, we are not aware of specific actions taken in response to the 

draft policy sent to OMB and the National Security Advisor’s 

memorandum.



Without appropriate governmentwide policy to address the security of 

all satellite components and of non-national-security information, 

federal agencies may not, for information with similar sensitivity and 

criticality, consistently (1) secure data links and communication 

ground stations or (2) use satellites that have certain security 

controls that enhance availability. As a result, federal agencies risk 

losing needed capabilities in the event of the exploitation of 

satellite system vulnerabilities.



National CIP Initiatives Addressing Satellite Security Have Been 

Limited:



PDD 63 was issued to improve the federal approach to protecting our 

nation’s critical infrastructures by establishing partnerships between 

private-sector entities and the federal government. Although this 

directive addressed the satellite vulnerabilities of GPS and led to a 

detailed vulnerability assessment, the satellite industry has not 

received focused attention as part of this national effort. Given the 

importance of commercial satellites to our nation’s economy, the 

federal government’s growing reliance on them, and the dependency of 

many other infrastructures on satellites, not including them in our 

national CIP approach creates the risk that these critical components 

of our information and communication infrastructure may not receive 

needed attention.



Both PDD 63 and the report of the President’s Commission on Critical 

Infrastructure Protection (October 1997) addressed satellite 

vulnerabilities of the GPS and made several recommendations to the 

Secretary of Transportation, including to fully evaluate these 

vulnerabilities and actual and potential sources of interference to the 

system. In August 2001, the John A. Volpe Transportation Systems Center 

issued a report that includes an assessment of the vulnerabilities of 

the GPS; analysis of civilian aviation, maritime, and surface uses; 

assessment of the ways that users may be affected by short-or long-term 

GPS outages; and recommendations to minimize the safety and operational 

impacts of such outages.[Footnote 28] One overarching finding was that 

because of the increasing reliance of transportation on GPS, the 

consequences of loss of the signal could be severe in terms of safety 

and of environmental and economic damage to the nation.



Despite the focused attention on GPS, other aspects of the satellite 

industry have not received national attention. In PDD 63, commercial 

satellites were not identified as a critical infrastructure (or as part 

of one), and thus are not specifically included as part of our nation’s 

approach to protecting critical infrastructures. Further, PDD 63 does 

not explicitly include the commercial satellite industry as part of the 

information and communications infrastructure sector, nor does the 

newly issued national strategy for homeland security. Although there 

have been discussions about expanding the coverage of individual 

sectors (particularly since the events of September 11, 2001), National 

Telecommunications and Information Administration (NTIA) officials 

stated that there are no specific plans to build better partnerships 

with satellite builders and operators as part of their efforts. CIAO 

officials also told us that there are no specific plans to include 

commercial satellite companies in current national efforts. However, 

CIAO added that some of the current infrastructure sectors may address 

satellites in their plans for industry vulnerability assessments and 

remediation, since some of these infrastructures rely on satellites for 

communications or other functions, such as tracking shipments or 

trucks, or monitoring the condition of equipment. The 

telecommunications ISAC reiterated NTIA’s and CIAO’s comments that 

there are no specific plans to include satellites in national CIP 

efforts. The ISAC for the telecommunications sector, recognized by the 

President’s National Security Council in January 2000, is the National 

Coordinating Center for Telecommunications (NCC), which is operated by 

the National Communications System. As such, NCC is responsible for 

facilitating the exchange of information among government and industry 

participants regarding computer-based vulnerability, threat, and 

intrusion information affecting the telecommunications infrastructure. 

Also, the center analyzes data received from telecommunications 

industry members, government, and other sources to avoid or lessen the 

impact of a crisis affecting the telecommunications infrastructure. 

Since its recognition as an ISAC, NCC membership has expanded beyond 

traditional telecommunications entities to include some aerospace 

companies such as Boeing and Raytheon, but the ISAC does not 

specifically focus on commercial satellites.



Officials from one of the satellite service providers told us that they 

would endorse an ISAC-like forum to discuss vulnerabilities to 

commercial and military satellites. In July 2002, we recommended that 

when developing the strategy to guide federal CIP efforts, the 

Assistant to the President for National Security Affairs, the Assistant 

to the President for Homeland Security, and the Special Advisor to the 

President for Cyberspace Security ensure, among other things, that the 

strategy includes all relevant sectors and defines the key federal 

agencies’ roles and responsibilities associated with each of these 

sectors.[Footnote 29] Given the importance of satellites to the 

national economy, the federal government’s growing reliance on them, 

and the many threats that face them, failure to explicitly include 

satellites in the national approach to CIP leaves a critical aspect of 

the national infrastructure without focused attention.



Conclusions:



Commercial satellite service providers use a combination of techniques 

to protect their systems from unauthorized use and disruption, 

including hardware on satellites, physical and logical controls at 

ground stations, and encryption of the links. Although this level of 

protection may be adequate for many government requirements, commercial 

satellite systems lack the security features used in national security 

satellites for protection against deliberate disruption and 

exploitation.



Federal agencies reduce the risk associated with their use of 

commercial satellites by controlling the satellite components within 

their responsibility--primarily the data links and communication ground 

stations. But the satellite service provider is typically responsible 

for most components--the satellite, TT&C links, and the satellite 

control ground stations. Because federal agencies rely on commercial 

satellite service providers for most security features, they also 

reduce their risk by having redundant capabilities in place. However, 

national satellite protection policy is limited because it pertains 

only to satellite systems that are used for national security 

information, addresses only techniques associated with the links, and 

does not have an enforcement mechanism. Recent initiatives by the 

Executive Branch have acknowledged these policy limitations, but we are 

not aware of specific actions taken to address them.



Satellites are not specifically identified as part of our nation’s 

critical infrastructure protection approach, which relies heavily on 

public-private partnerships to secure our critical infrastructures. As 

a result, a national forum to gather and share information about 

industrywide vulnerabilities of the satellite industry does not exist, 

leaving a national critical infrastructure without focused attention.



Recommendations:



We recommend that in pursuing the draft policy submitted to OMB for 

completion and the recommended review of U.S. space policies, the 

Director of OMB and the Assistant to the President for National 

Security Affairs review the scope and enforcement of existing security-

related space policy and promote the appropriate revisions of existing 

policies and the development of new policies to ensure that federal 

agencies appropriately address the concerns involved with the use of 

commercial satellites, including the sensitivity of information, 

security techniques, and enforcement mechanisms.



Considering the importance of satellites to our national economy, the 

government’s growing reliance on them, and the threats that face them, 

we recommend that the Assistant to the President for National Security 

Affairs, the Assistant to the President for Homeland Security, and the 

Special Advisor to the President for Cyberspace Security consider 

recognizing the satellite industry as either a new infrastructure or 

part of an existing infrastructure.



Agency Comments and Our Evaluation:



We received written comments on a draft of this report from the Deputy 

Assistant Secretary of Defense, Command, Control, Communications, 

Intelligence, Surveillance, and Reconnaissance (Space and Information 

Technology Programs), Department of Defense; the Chief of the Satellite 

Communications and Support Division, United States Space Command, 

Department of Defense; the Chief Financial Officer/Chief Administrative 

Officer, National Oceanic and Atmospheric Administration, Department of 

Commerce; and the Associate Deputy Administrator for Institutions, 

National Aeronautics and Space Administration. The Departments of 

Defense and Commerce and the National Aeronautics and Space 

Administration concurred with our findings and recommendations (see 

apps. II, III, and IV, respectively) and provided technical comments 

that have been incorporated in the report, as appropriate (some of 

these technical comments are reproduced in the appendixes).



We also received technical oral comments from officials from the 

Critical Infrastructure Assurance Office, Department of Commerce; 

Federal Aviation Administration, Department of Transportation; Office 

of Management and Budget; and United States Secret Service, Department 

of Treasury; in addition, we received written and oral technical 

comments from five participating private-sector entities. Comments from 

all these organizations have been incorporated into the report, as 

appropriate. We did not receive comments from the Special Advisor to 

the President for Cyberspace Security.



As we agreed with your staff, unless you publicly announce the contents 

of this report earlier, we plan no further distribution of it until 30 

days from the date of this letter. At that time, we will send copies of 

this report to other interested congressional committees and the heads 

of the agencies discussed in this report, as well as the private-sector 

participants. The report will also be available on GAO’s website at 

www.gao.gov.



If you have any questions about matters discussed in this report, 

please contact me at (202) 512-3317 or contact Dave Powner, Assistant 

Director, at (303) 572-7316. We can also be reached by E-mail at 

daceyr@gao.gov and pownerd@gao.gov, respectively. Contributors to this 

report include Barbara Collier, Michael Gilmore, Rahul Gupta, Kevin 

Secrest, Karl Seifert, Hai Tran, and Jim Weidner.



Sincerely yours,



Robert F. Dacey

Director, Information Security Issues:



Signed by Robert F. Dacey:



[End of section]



Appendixes:



Appendix I: Objectives, Scope, and Methodology:



Our objectives were to determine (1) what security techniques are 

available to protect satellite systems from unauthorized use, 

disruption, or damage; (2) how federal agencies reduce the risks 

associated with their use of commercial satellite systems; and (3) what 

federal critical infrastructure protection efforts are being undertaken 

to address satellite system security through improved government/

private-sector cooperation. To accomplish these objectives, we reviewed 

technical documents, policy documents, and directives, and we 

interviewed pertinent officials from federal agencies and the private 

sector involved in manufacturing and operating satellites and providing 

satellite services.



To determine what security techniques are available to protect 

satellite systems from unauthorized use, disruption, or damage, we 

reviewed technical documents and policy, such as NSTISSP No. 12 and 

various other sources, and we interviewed pertinent federal officials 

from the Department of Defense (DOD); the Federal Aviation 

Administration (FAA); the National Aeronautics and Space Administration 

(NASA), including the Goddard and Marshall Space Flight Centers; the 

National Oceanic and Atmospheric Administration (NOAA); the National 

Security Agency (NSA); and the Department of Treasury’s United States 

Secret Service. The DOD organizations whose documentation we reviewed 

and whose officials we interviewed included the Air Force; the Army; 

the Assistant Secretary of Defense for Command, Control, 

Communications, and Intelligence; the Cheyenne Mountain Air Force 

Station; the Defense Information Systems Agency; the National Security 

Space Architect; the Navy; and the U.S. Space Command. In addition, we 

reviewed documentation and interviewed officials from private-sector 

organizations that manufacture and operate satellite systems, including 

Intelsat, Lockheed Martin, Loral Space & Communications, Ltd. (Loral 

Skynet and Loral Space Systems groups), Northrop Grumman TASC, the 

Satellite Industry Association, and W.L. Pritchard & Co., L.C. We 

identified these organizations through relevant literature searches, 

discussions with organizations, and discussions with GAO personnel 

familiar with the satellite industry. We did not develop an all-

inclusive list of security techniques, but we attempted to establish 

the most commonly used of the security techniques available.



To determine how federal agencies reduce the risks associated with 

their use of commercial satellite systems, we identified and reviewed 

relevant federal policy, including National Security 

Telecommunications and Information Systems Security Committee policies 

and applicable federal agency policies, such as the FAA’s Information 

Systems Security Program Handbook. We also reviewed documentation and 

interviewed federal officials from DOD, FAA, NASA, NSA, and NOAA. In 

addition, in meetings with commercial service providers holding 

government contracts, we discussed any special requirements placed on 

commercial service providers by federal agencies.



To determine what federal critical infrastructure protection (CIP) 

efforts were being undertaken to address satellite system security, we 

reviewed various orders, directives, and policies, such as Executive 

Order 13231 and PDD 63. In addition, we interviewed pertinent federal 

officials from the Critical Infrastructure Assurance Office, National 

Communications System/National Coordinating Center for 

Telecommunications, and National Telecommunications and Information 

Administration. Further, in interviews with commercial service 

providers, we discussed their involvement in national CIP-related 

activities.



We performed our work in Washington, D.C.; Bedminster, New Jersey; 

Colorado Springs, Colorado; and Palo Alto, California, from December 

2001 through June 2002, in accordance with generally accepted 

government auditing standards. We did not evaluate the effectiveness of 

security techniques being used by federal agencies and the private 

sector, or of the techniques used by federal agencies to reduce the 

risks associated with their use of commercial satellite systems.



[End of section]



Appendix II: Comments from the Department of Defense:



COMMAND, CONTROL, COMMUNICATIONS, AND INTELLIGENCE:



OFFICE OF THE ASSISTANT SECRETARY OF DEFENSE 6000 DEFENSE PENTAGON 

WASHINGTON, DC 20301-6000:



Mr. Robert Dacey:



Director Information Security Issues US General Accounting Office 

Washington, DC 20548:



Dear Mr. Dacey;



This is the DoD response to the GAO draft report “CRITICAL 

INFRASTRUCTURE PROTECTION: Commercial Satellite Security Should Be More 

Fully Addressed”, dated June 25, 2002 (GAO Code 310142).



We appreciate the opportunity to respond to the subject GAO report. We 

have reviewed the report and concur with its recommendations.



There are two statements in the report that are not fully accurate and 

should be changed. Specifically on page 29 of the report, it states 

“DoD officials stated that only one military satellite constellation is 

compliant with NSTISSP No. 12”. This statement is in error. However, 

the details of DoD compliance to NSTISSP No. 12 for the various 

military constellations are complex and go beyond the scope of the 

report. Therefore, we recommend that the statement be deleted. The 

second statement, on page 17 of the report, states that Presidential 

Decision Directive (PDD) 49, does not address security of satellite 

systems. The PDD does address security of satellite systems in some 

respects; for instance Section III paragraphs 4 and 5 talk about 

assuring critical capabilities for space missions. Therefore, we 

recommend that the statement be rewritten to state that portions of the 

Directive need to be revisited.



We thank GAO for working with the Department on this report, and commit 

to support beneficial initiatives to improve security of commercial 

satellite security that may follow.



Sincerely,



Dr. Michael S. Frankel:



DASD(C3ISR, Space & IT Programs):



Signed By Dr. Michael S. Frankel:



[End of section]



UNITED STATES SPACE COMMAND:



MEMORANDUM FOR U.S. General Accounting Office ATTN: Mr. Dave Powner:



1244 Speer Blvd, Suite 116 Denver, Colorado 80204:



FROM: US SPACE COMMAND/J6:



250 S. Peterson Boulevard, Suite 116 Peterson AFB CO 80914-3050:



SUBJECT: GAO Job 310142 (Draft Study and Memo dated, 26 Jun 02):



1. In accordance with the GAO memo dated 26 Jun 02, USSPACECOM reviewed 

the Draft GAO Study “Critical Infrastructure Protection: Commercial 

Satellite Security Should Be More Fully Addressed” and has four 

substantive comments at enclosure 1.



2. The GAO study provides an accurate assessment of DoD’s Critical 

Infrastructure Protection concerning commercial satellite security.



3. The recommendation of including U.S. commercial satellites in the 

national CIP strategy is a proactive way of ensuring DoD and the US 

Government consider commercial satellites and their infrastructure are 

part of the overall national CIP. However, the industry may be 

reluctant to invest in the different forms and levels of protection 

without monetary incentive by the US Government.



4. Our point of contact is MAJ Thomas J. Mahoney at (719) 554-9783.



JOHN S.HAVEN II:



Colonel (S), USAF:



Chief, Satellite Communications and 

Support Division:



Signed by JOHN S.HAVEN II:



[End of section]



Appendix III: Comments from the Department of Commerce:



UNITED STATES DEPARTMENT OF COMMERCE National Oceanic and Atmospheric 

Administration CHIEF FINANCIAL OFFICER/CHIEFF ADMINISTRATIVE OFFICER:



Mr. Dave Powner Assistant Director Financial Markets and Community 

Investment US General Accounting Office 441 G Street, N.W. Washington, 

DC 20548:



Dear Mr. Powner:



Enclosed is the National Oceanic and Atmospheric Administration’s 

response to the draft report CRITICAL INFRASTRUCTURE PROTECTION: 

Commercial Satellite Security Should Be More Fully Addressed (GAO-02-

781). We appreciate the opportunity to provide comments.



Enclosure:



Sincerely,:



Sonya G. Stewart:



Signed by Sonya G. Stewart:



US. DEPARTMENT OF COMMERCE COMMENTS ON DRAFT GAO REPORT ENTITLED

CRITICAL INFRASTRUCTURE PROTECTION: Commercial Satellite Security 

Should Be More Fully Addressed:



GAO-02-781.



July 2002:



NOAH COMMENTS ON THE DRAFT GENERAL ACCOUNTING OFFICE (GAO) REPORT 

ENTITLED - CRITICAL INFRASTRUCTURE PROTECTION: Commercial Satellite 

Security Should Be More Fully Addressed, Audit Report Number GAO-U2-

781:



EDITORIAL. COMMENTS:



The National Oceanic and Atmospheric Administration (NOAA) agree that 

the information provided by the GAO concerning the agency’s actions to 

safeguard its satellite communications activities is accurate as 

reported. The following are a few specific editorial comments intended 

only to enhance the information provided by the National Weather 

Service:



Page 7, Table 1, NOAA/NWS - Under “Use of commercial satellites’; the 

table should read “To disseminate imagery, graphic, and text data on 

weather conditions around the earth.”:



Page 25, continuing paragraph, last sentence - After the phrase “but 

also to”, please add “other Government agencies, commercial partners, 

universities, and others...” Delete the word “anyone.”:



Page 25, first full paragraph, last sentence - Please insert the work 

“uplink” between communications and site.



[End of section]



Appendix IV: Comments from the National Aeronautics and Space 

Administration:



National Aeronautics and Space Administration:



Office of the Administrator Washington, DC 20546-0001:



July 30, 2002:



Mr. Robert F. Dacey Director:



United States General Accounting Office Washington DC 20548:



Dear Mr. Dacey:



NASA has reviewed the GAO Draft Report “CRITICAL INFRASTRUCTURE 

PROTECTION: Commercial Satellite Security Should Be More Fully 

Addressed” (GAO-02-781), and thanks you for the opportunity to review 

this report. We concur with the GAO recommendations with the comments 

shown in the enclosure.



Cordially,:



Michael D. Christensen Associate Deputy Administrator for Institutions:



Signed by Michael D. Christensen:



Enclosure:



[End of section]



FOOTNOTES



[1] National Air Intelligence Center, Threats to U.S. Military Access 

to Space, Document 1422-0989-98 (Wright Patterson Air Force Base, 

Ohio).



[2] Logical access controls involve the use of computer hardware and 

software to prevent or detect unauthorized access by requiring users to 

input user identification numbers (IDs), passwords, or other 

identifiers that are linked to predetermined access privileges.



[3] Office of Homeland Security, National Strategy for Homeland 

Security (Washington, D.C.: July 2002).



[4] All revenues include payments made to subcontractors.



[5] The amount for launch services includes revenues from both 

government-owned and commercially owned payloads.



[6] The manufacturing indicators include amounts from commercial 

companies manufacturing for both government and commercial customers.



[7] Wideband encompasses data rates greater than 64 kilobits per 

second.



[8] The Defense Information Systems Agency’s Commercial Satellite 

Communications Branch is responsible for leasing commercial satellite 

services for DOD.



[9] A transponder is an automatic device that receives, amplifies, and 

retransmits a signal on a different frequency.



[10] The greatly increasing number of commercial and military 

communications systems worldwide, including the growing number of 

satellites, is putting a high demand on certain frequency spectra. 

Orbital/spectral congestion may restrict the future use of potential 

orbits and frequencies, further complicate and lengthen host nation 

approval and landing rights processes, and require more sophisticated 

systems in terms of frequency agility, antennas, bandwidth-efficient 

modulation, and so forth to maximize flexibility. Such flexibility 

minimizes future risks arising from changes in spectrum allocation and 

the electromagnetic environment.



[11] The International Telecommunication Union is an international 

organization within the United Nations system in which governments and 

the private sector work together to coordinate the operation of 

telecommunication networks and services and advance the development of 

communications technology.



[12] The Federal Communications Commission is an independent U.S. 

government agency. The FCC was established by the Communications Act of 

1934 and is charged with regulating interstate and international 

communications by radio, television, wire, satellite, and cable. The 

FCC’s jurisdiction covers the 50 states, the District of Columbia, and 

U.S. possessions.



[13] Department of Defense, Advanced Military Satellite Communications 

Capstone Requirements (Colorado Springs, Colo.: Apr. 24, 1998).



[14] Report of the President’s Commission on Critical Infrastructure 

Protection, Critical Foundations: Protecting America’s Infrastructures 

(October 1997).



[15] See U.S. General Accounting Office, Critical Infrastructure 

Protection: Significant Challenges in Developing National 

Capabilities, GAO-01-323 (Washington, D.C.: Apr. 25, 2001) for our 

latest report on the progress of the National Infrastructure Protection 

Center.



[16] In 1963, the National Communications System was established by 

presidential memorandum as a federal interagency group responsible for 

national security and emergency preparedness telecommunications. These 

responsibilities include planning for, developing, and implementing 

enhancements to the national telecommunications infrastructure, which 

now includes the Internet, to achieve effectiveness in managing and 

using national telecommunication resources to support the federal 

government during any emergency.



[17] U.S. General Accounting Office, Combating Terrorism: Selected 

Challenges and Related Recommendations, GAO-01-822 (Washington, D.C.: 

Sept. 20, 2001).



[18] Office of Homeland Security, National Strategy for Homeland 

Security (July 2002).



[19] Information assurance refers to information operations intended to 

protect and defend information and information systems by ensuring 

their availability, integrity, authentication, confidentiality, and 

nonrepudiation. This includes providing for restoration of information 

systems by incorporating protection, detection, and reaction 

capabilities.



[20] Approved U.S. cryptographies are hardware, firmware, or software 

implementations of algorithms that have been reviewed and approved by 

the National Security Agency, the purposes of which are to provide 

authentication or confidentiality for national security information or 

systems.



[21] Two desired outcomes of using spread spectrum communications as a 

security technique are low probability of intercept and low probability 

of detection, which increase the difficulty of detecting and jamming 

signals. These outcomes, although not mentioned by entities in our 

review, require that the transmission occur in quick, random bursts to 

make it harder to detect, and that the signal is narrowed to make it 

harder to intercept. In contrast, most commercial satellites have a 

wide beam and continuous coverage, so that as many customers as 

possible can be covered by a limited number of satellites, thus driving 

up return on investment.



[22] Survivability is the property of a system, subsystem, equipment, 

process, or procedure that provides a defined degree of assurance that 

the named entity will continue to function during and after a natural 

or man-made disturbance, as for example a nuclear burst.



[23] Hardening of ground stations includes robust physical security 

features like blast resistant physical structures and radomes to 

protect antennas.



[24] Availability is the ratio of the total time a service is being 

used during a given interval to the length of the interval. For 

example, a service provider may state that its services will be 

available 99.99 percent over a year, which amounts to 53 minutes of 

accumulated outages for all causes over the course of the year. 

Additional decimal places, such as 99.999 percent, represent greater 

levels of availability. Federal Telecommunications Standards 

Committee, Telecom Glossary 2000 (Feb. 2, 2001).



[25] Reliability is the probability that a service will perform its 

required function for a specified period of time under stated 

conditions. Federal Telecommunications Standards Committee, Telecom 

Glossary 2000 (Feb. 2, 2001).



[26] Security is one of many factors that affect satellite availability 

and reliability. Others include weather and power outages.



[27] A key is a special value associated with an encryption algorithm 

that is used for coding and decoding.



[28] John A. Volpe National Transportation Systems Center, 

Vulnerability Assessment of the Transportation Infrastructure Relying 

on the Global Positioning System: Final Report (Aug. 29, 2001).



[29] U.S. General Accounting Office, Critical Infrastructure 

Protection: Federal Efforts Require a More Coordinated and 

Comprehensive Approach to Address Information Attacks, GAO-02-474 

(Washington, D.C.: July 15, 2002).



GAO’s Mission:



The General Accounting Office, the investigative arm of Congress, 

exists to support Congress in meeting its constitutional 

responsibilities and to help improve the performance and accountability 

of the federal government for the American people. GAO examines the use 

of public funds; evaluates federal programs and policies; and provides 

analyses, recommendations, and other assistance to help Congress make 

informed oversight, policy, and funding decisions. GAO’s commitment to 

good government is reflected in its core values of accountability, 

integrity, and reliability.



Obtaining Copies of GAO Reports and Testimony:



The fastest and easiest way to obtain copies of GAO documents at no 

cost is through the Internet. GAO’s Web site ( www.gao.gov ) contains 

abstracts and full-text files of current reports and testimony and an 

expanding archive of older products. The Web site features a search 

engine to help you locate documents using key words and phrases. You 

can print these documents in their entirety, including charts and other 

graphics.



Each day, GAO issues a list of newly released reports, testimony, and 

correspondence. GAO posts this list, known as “Today’s Reports,” on its 

Web site daily. The list contains links to the full-text document 

files. To have GAO e-mail this list to you every afternoon, go to 

www.gao.gov and select “Subscribe to daily E-mail alert for newly 

released products” under the GAO Reports heading.



Order by Mail or Phone:



The first copy of each printed report is free. Additional copies are $2 

each. A check or money order should be made out to the Superintendent 

of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 

more copies mailed to a single address are discounted 25 percent. 

Orders should be sent to:



U.S. General Accounting Office



441 G Street NW,



Room LM Washington,



D.C. 20548:



To order by Phone: 	



	Voice: (202) 512-6000:



	TDD: (202) 512-2537:



	Fax: (202) 512-6061:



To Report Fraud, Waste, and Abuse in Federal Programs:



Contact:



Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov



Automated answering system: (800) 424-5454 or (202) 512-7470:



Public Affairs:



Jeff Nelligan, managing director, NelliganJ@gao.gov (202) 512-4800 U.S.



General Accounting Office, 441 G Street NW, Room 7149 Washington, D.C.



20548: