Researchers at the National Security Agency are using artificial intelligence to characterize strange behaviors in small satellites to understand if they’ve secretly been brought under adversarial control.

“We’re looking at a way to characterize telemetry data so that as we deploy new satellites, we can make adjustments,” said Aaron Ferguson, the technical director of the encryption solutions office of NSA’s Capabilities Directorate, said at a Defense One event on Tuesday.

“Now, if you talk to a variety of analysts, and I have at NASA, they’ll say, ‘Oh, we’ve got this under control. We checked the data twice, three times,’ Ferguson said. “But we really don’t know, because there is so much data that they really don’t know if something is going wrong. They’ll say, ‘It’s just orbital debris that bumped into the satellite and knocked it off its trajectory.”

Said Ferguson, most small sats are deployed to a very specific region in low Earth orbit, so those satellites that move outside of that place or that are deployed elsewhere are exhibiting unusual, or anonymous behavior. That behavior could suggest a serious compromise but humans by themselves don’t always notice it and don’t have the capacity to reach a determination quickly, as there is often too much data. “Can we characterize small sat behaviors to be good? Bad, or I don’t know?’” said Ferguson, who emphasized that the effort was not yet a program, but an active experimentation that might one day lead to a program.

Additionally, he said his team was also looking to see “how can we deploy some type of malware to a small sat, through a ground station,” to better judge the threat to small satellites.

Why is that important? If you’ve paid any attention to the military discussion about the use of space over the past couple of years, you’ve probably heard two key points. The first is that the United States is planning to put vast constellations of small satellites in low Earth orbit in the coming years, where they offer new, faster ways for the military to collect intelligence and communicate. You’ve also likely heard that U.S. officials are very worried about new and growing threats to its assets in space. But the vast volume of data coming from small satellites may make it difficult to determine if they’ve been compromised by an adversary.

Satellite Hijacks: a Real Thing

“It absolutely is possible to conduct cyber attacks against satellites,” said Brian Weeden, director of program planning for Secure World Foundation. “Satellites and their ground systems are increasingly just computers running some specialized software, but they often run common OSes like Unix or Linux. They are vulnerable to many of the same cyber attacks as every other computer system out there...You generally need access to a specialized ground antenna and wait for the satellite to pass overhead before sending it commands. But if you can hack into the computers controlling that antenna, then you could be in business.”

So-called “control hacking” of a satellite isn't as easy as trying to steal someone’s email, but it can be done, according to Bill Malik, the vice president of infrastructure systems at cybersecurity firm Trend Micro. You need to attack either the ground station controlling the satellite, either directly, via a physical attack, or via very special equipment to trick the satellite into mistaking you, the attacker, for the ground station.

Presenting his findings on the topic at the RSA Security conference in May, Malik said there are six known examples of hackers successfully interfering with or even commanding unauthorized maneuvers of NASA satellites before 2011. Five of those took place in relatively quick succession in 2007 and 2008.