GAO-02-402RNI: Space Surveillance Network: Appropriate Controls Needed Over Data Access
United States General Accounting Office
Washington, DC 20548
April 22, 2002
The Honorable Christopher Shays
Chairman, Subcommittee on National Security, Veterans’ Affairs, and International Relations
Committee on Government Reform
House of Representatives
Subject: Space Surveillance Network: Appropriate Controls Needed Over Data Access
Dear Mr. Chairman:
Government agencies and commercial firms rely almost exclusively on data generated by the U.S. space surveillance network to ensure safe and effective operations1 when launching and operating a defense surveillance or communications satellite, the space shuttle, or a commercial weather or communication satellite. Space surveillance involves the continuous detection, tracking, identification, cataloging, and monitoring of man-made objects orbiting the earth, including active and inactive satellites and space debris from spent rocket bodies and fragmentation. Space surveillance data can also be useful to the U.S. government and others for strategic and military purposes. The U.S. Space Command within the Department of Defense (DOD) maintains and operates the network and provides surveillance data to the National Aeronautics and Space Administration (NASA), which makes the data available via its Web site to commercial and foreign entities and other U.S. government agencies.
1 The space surveillance network is composed of over 40 optical, radar, and passive radio frequency sensors, located worldwide, and connected through 4 command and control facilities.
In April 2001, you requested that we review several DOD space surveillance network issues. In the course of our effort, we discovered a specific data security issue that we are bringing to your attention in this report. In a separate report to you, we will provide the results of our broader review.
In summary, DOD officials told us that users who have access to certain space surveillance data could have enough information to attempt to damage or jam satellites or move military and other assets at appropriate times to avoid detection. Potential security risks from unauthorized access exist because NASA does not verify the identity of Web site users of space surveillance data, and individuals from countries that are not authorized access can still obtain the data. Although NASA manually checks the Internet address to determine the locality given when a user registers for space surveillance information, the actual origination of that Internet address cannot be verified because a user can access the NASA Web site through intermediary Web sites or an Internet service provider in a country that has not been proscribed. Therefore, we are recommending that the secretary of defense and the NASA administrator conduct a risk-based assessment of the sensitivity of the space surveillance information available on the NASA Web site and establish a process to appropriately control access to such information.
In its written response to a draft of this letter, DOD stated that in 1999 it assessed the NASA Web site data and found no threat to national security. Nevertheless, in light of the heightened security risks, both DOD and NASA concurred with our recommendation to conduct an assessment of the data.
BACKGROUND
The U.S. Space Command in DOD has responsibility for maintaining and operating the space surveillance network, supported by three component commands: the Air Force Space Command, the Navy Space Command, and the Army Space Command. The U.S. Space Command collects space surveillance data through its worldwide sensors, processes the data, and sends the unclassified portion of the data to the NASA Goddard Space Flight Center. NASA then combines this data with a small amount of its own data and makes the data available for free to users on its Web site.
The space surveillance information that is available on the Web site consists of general space surveillance data and more specific data in sets, called two-line elements. Each two-line element provides six items of information: three related to an object’s position and three related to its velocity. Two-line elements provide users which have the appropriate software with sufficient data to determine an object’s location and track the path of its orbit.
Until recently, NASA provided Web site information at four different levels of access: unregistered users, trial users, registered users, and super users. Unregistered users are from the general public and could access the Web site without identifying themselves. While they do not have access to two-line elements, they could access general space surveillance data, such as the U.S. Space Command’s catalog of man-made objects in space and launch dates. Unregistered users conducted over 100,000 “hits” monthly on the NASA Web site during 2001. Trial users who provided some information on their identities, including their names, email addresses, and countries, gained access to up to 20 two-line elements per day for 14 days. If trial users did not elect to become registered users within 14 days, their accounts expired. Registered users who provided additional information about their identities such as street addresses, phone numbers, and organizations, gained access to up to 500 two-line elements per day. As of February 21, 2002, there were 1100 registered users. Super users — who were required to identify themselves and justify their needs for the information — could access all two-line element data on the Web site without restrictions. Only super users have had to be evaluated by NASA before obtaining their status, and users from certain countries were not allowed that status. On February 21, 2002, there were 21 super users, 11 foreign, of which 6 represented commercial firms and 5 represented governments.
UNAUTHORIZED ACCESS COULD COMPROMISE MILITARY, ANTIDRUG EFFORTS
Access by unauthorized users to space surveillance data could pose a potential security risk. Air Force Space Command officials told us that registered users who can access up to 500 two-line elements per day could have enough information available to them to permit them to attempt to damage or jam the satellites or to move military or other assets at appropriate times to avoid detection. In combination with other information from widely available sources such as magazines, information from the space surveillance network could permit a determined adversary to put civilian and military satellites at risk of denial or deception.
Access to this data by unauthorized users could compromise DOD’s effort to gather information on adversaries engaged in military operations, drug smuggling, or other illegal activities, by providing them with a means to avoid detection. For example, movement of assets may be timed to coincide when there is no satellite coverage.
NASA officials disagreed with DOD’s position, saying that they did not believe that there was reason for concern since the data provided to users was not very accurate. While Air Force Space Command officials also noted that classified information on satellites is not available on the NASA Web site, and the data available is of low quality and non real time, they still believe a potential risk exists. In fact, the Air Force Space Command is working on an assessment of the sensitivity of the space surveillance data that is on the NASA Web site.
NASA DOES NOT FULLY CONTROL ACCESS TO SPACE SURVEILLANCE DATA ON ITS WEB SITE
During our review, we brought to NASA’s attention a potential security concern that it attempted to address. NASA instituted a manual review of applicant information on September 20, 2001, after we pointed out examples of questionable registered users, such as one with the name of “newboy,” from Afghanistan, who registered on September 12 — the day after the World Trade Center attacks — as well as two others from China, both also named “newboy,” who registered on September 12 and September 18. In the past, only super users have had to go through an evaluation process to obtain access to the data and individuals from 43 countries were never given super user status. These countries included those that NASA identified as having no diplomatic relations with the United States, are supporting terrorism, being under U.S. sanction or embargo, or being denied access to U.S. missile technology. Subsequent to conversations with us, NASA decided to manually block access to all data for individuals who had identified themselves as coming from any of the 43 proscribed countries.
While NASA checks the Internet addresses to determine the locality given when users register, the actual origination of those addresses cannot be verified because users can mask their Internet protocol addresses by registering through an intermediary Web site or using an Internet service provider in a country that has not been proscribed. Once a user has successfully registered, NASA does not have any technical controls in place to prevent access from anywhere, including those countries that are proscribed. As a result, users that NASA intends to block from obtaining space surveillance data could still obtain access to it.
RECOMMENDATION FOR EXECUTIVE ACTION
Given the potential effects of unauthorized access to space surveillance data, we recommend that the secretary of defense and the administrator of NASA conduct a risk-based sensitivity assessment of all space surveillance information available on the NASA Web site. In conducting this assessment, DOD and NASA should consult the appropriate intelligence agencies. In order to make NASA’s restrictions to its Web site effective, we recommend that the administrator of NASA establish a process, commensurate with the risk, to ensure that access to such information is controlled.
AGENCY COMMENTS
NASA and DOD provided written comments on a draft of this letter in which they stated that in 1999 an assessment was conducted on the space surveillance data posted on the NASA Web site and found it posed no threat to national security. However, both DOD and NASA concurred with our recommendation to conduct an assessment of the data, in light of the current threat and heightened sensitivity to exploitation of defense data. As a result, DOD is tasking the U.S. Space Command to provide a risk assessment of the NASA Web site by September 30, 2002.
NASA’s and DOD’s comments are included in this report as separate enclosures.
SCOPE AND METHODOLOGY
To acquire information about the role of NASA in space surveillance, the NASA Web site, the users of the Web site, and the security of the Web site information, we interviewed NASA officials at U.S. Space Command, Peterson Air Force Base, Colorado Springs, Colorado, Johnson Space Center, Houston, Texas, Goddard Space Flight Center, Greenbelt, Maryland, and NASA headquarters in Washington, D.C. We also reviewed NASA policy, procedures, and memorandums of agreement for providing space surveillance to U.S. government agencies and commercial and foreign entities; information on the NASA Web site and the costs to operate it, and documentation on the users of the site. Finally, we gained the views of officials from the U.S. Air Force Space Command, Peterson Air Force Base, on the issue of the potential impact of unauthorized access to space surveillance data.
We conducted our work from May 2001 through January 2002 in accordance with generally accepted government auditing standards and generally relied upon agency provided data.
We are sending copies of this letter to the Chairmen and Ranking Minority Members of the Senate Committee on Appropriations, Armed Services, and Governmental Affairs and the House Committee on Appropriations, Armed Services, and Government Reform. We will also send copies to the Secretary of Defense and the Administrator of NASA.
If you have any questions, or need additional information, please call me at (202) 512-4841. Major contributors to this letter are James Solomon, Lon Chin, Maria Durant, Rahul Gupta, Sigrid McGinty, and Bob Swierczek.
Sincerely yours,
[Signed]
R.E. Levin
Director Acquisition and Sourcing Management
Enclosures
Enclosure I
Comments from the National Aeronautics and Space Administration
NASA
National Aeronautics and
Space Administration
Office of the Administrator
Washington, DC 20546-0001
March 12, 2002
Mr. Robert E. LevinDirector
Acquisition and Sourcing Management
United States General Accounting Office
Washington, DC 20548
Dear Mr. Levin;
NASA has reviewed the draft GAO report “Space Surveillance Network: Appropriate Controls Needed Over Data Access” (120058) and thanks you for the opportunity to provide comments.
NASA concurs with the GAO recommendation to conduct a joint USSPACECOM/NASA risk assessment of the Orbital Information Group (OIG) Web site. We believe that the adjustments made to the Web site resulting from an earlier analysis by USSPACECOM are adequate; however, in light of the events of September 11, 2001, we agree that a joint re-evaluation is prudent. NASA will work with USSPACECOM in assessing potential risks. Further, it is assumed that the risk assessment will be led by USSPACECOM.
NASA has no plans to further restrict access to the OIG Web site at this time, unless requested to do so by USSPACECOM.
Recommendations:
GAO provide the draft report to USSPACECOM for their official review and comment.
Page 2, first new, paragraph — Change “In summary, DOD officials… ” to “In summary, Air Force Space Command officials… .” JUSTIFICATION — The GAO identified the source of the concern in page 3 under the section “UNAUTHORIZED ACCESS … “
Page 3, Change “Unregistered users conducted… ” to “Users conducted… ” JUSTIFICATION — Mr. Barker provided information in the February 21, 2002, telecon that the count was based on ALL users.
Pages 3 and 4, The first two paragraphs of the GAO finding section “UNAUTHORIZED ACCESS… ” appears to contain incorrect information and should be further substantiated, reworked, or removed. The conclusion GAO appears to reach as a result of discussions with Air Force Space Command is not compatible with NASA’s understanding of the U.S. Space Command’s assessment of the potential risk.
Page 5, RECOMMENDATION — NASA suggests the following rewording:
“Given the potential effects of unauthorized access to space surveillance data, we recommend that U.S. Space Command conduct a risk based sensitivity assessment of all space surveillance information that they make available to NASA for the OIG Web site. In conducting this assessment, U.S. Space Command should work with NASA and consult appropriate intelligence agencies. This assessment should also determine the costs and benefits of any reduced access to unclassified space surveillance data, both to national security interests, and to other Government, commercial and foreign space community interests.”
Cordially,
[Signed]
Michael D. Christensen
Associate Deputy Administrator for Institutions
Enclosure II
Comments from the Secretary of Defense
OFFICE OF THE ASSISTANT SECRETARY OF DEFENSE
6000 DEFENSE PENTAGON
WASHINGTON. DC 20301-6000
Command, Control, Communications, and Intelligence
March 5, 2002
Robert L Levin
Director, Acquisition and Sourcing Management
U.S. General Accounting Office
441 G. Street N.W.
Washington DC 20548
Dear Mr. Levin,
This is the Department of Defense (DoD) response to the GAO draft report, “SPACE SURVEILLANCE NETWORK: Appropriate Controls Needed Over Data Access,” dated February 19, 2002 (GAO Code 120058/GAO-02-402R).
The Department concurs with the recommendation to work with the National Aeronautics and Space Administration (NASA) to asses potential security risks posed by space surveillance information available on the NASA website. US Space Command (USSPACECOM) did assess the website in 1999 and found it posed no threat to national security, contrary to comments attributed to the DoD on pages 3 and 4 of the draft GAO report. However, we do agree with the GAO that it is prudent to reassess the website in light of heightened security risks. Therefore, our office will ask USSPACECOM to work with NASA to provide an updated risk assessment back to us by September 30, 2002. Please see detailed comments in the attachment.
Additionally, we request the GAO refrain from posting the final report on their worldwide website until USSPACECOM completes the risk assessment, takes any necessary corrective actions, and performs a security review of the final report. Posting the report on a public website at this time may draw attention to a potential security risk that may be exploited. My action officer for this effort is Major Michael Ward, (703) 607-1064.
Sincerely,
[Signed]
JAY S. SNOWDON, CAPT. USN
Director Space Systems
Attachment: As Stated
____
GAO REPORT – DATED February 19, 2002
(GAO CODE 120058/GAO-02-402R)
“SPACE SURVEILLANCE NETWORK Appropriate Controls Needed Over Data Access”
A. DEPARTMENT OF DEFENSE RESPONSE
Recommendation: The GAO recommends DoD and NASA assess the security risks posed by availability of space surveillance data available on NASA’s website. (pp 5/GAO Draft Report)
DOD Response: Concur with comments.
US Space Command (USSPACECOM/J33) performed a security assessment of the space surveillance information available on NASA’s website in March 1999. USSPACECOM performed this review in consultation with NASA and the appropriate intelligence agencies. The review resulted in the following determinations, which are contrary to the information attributed to DoD officials on pages 3 and 4 of the draft report:
1) Data required to damage or jam a DOD satellite, or move assets to avoid detection, is not accessible from the NASA web site.
2) Unauthorized access to NASA’s web site would not compromise military or anti-drug efforts.
3) Information accessed from the NASA web page would not allow a determined adversary to put military satellites at greater risk of denial or deception.
4) Access to this data by unauthorized users would not compromise DOD’s efforts to gather information on adversaries engaged in military operations, drug smuggling, or other illegal activities, and does not provide them with an inexpensive means to avoid detection.
However, in light of the current threat condition and heightened sensitivity to exploitation of defense data, the Department agrees with the GAO that it is prudent to reassess the security risks of the NASA website. Toward that goal, the Assistant Secretary of Defense for Command, Control, Communications and Intelligence (ASD/C3I) will task USSPACECOM to provide an updated risk assessment of the website by September 30, 2002. USSPACECOM will perform this assessment in coordination with the Air Force, NASA, and appropriate intelligence agencies.
B. ADMINISTRATIVE COMMENTS: We provide the following administrative comments for consideration by the GAO.
1) We request the GAO refrain from posting the final report on their world-wide website until the USSPACECOM completes the risk assessment, takes any necessary corrective actions, and performs a security review of the final report. Posting the report on a public website at this time may draw attention to a potential security risk that may be exploited.
2) We request the GAO allow the DoD to perform a security review of the final report prior to release.
3) We recommend adding a comma to the footnote on page 1 of the draft report, such that it reads, “… over forty optical, radar and passive radio frequency sensors… “