[UPDATED] Russian GPS-Alternative Satellites Went ‘Illegal/Failure’: Solar Storm Damage or Cyberwar in Space?


[Update at end of article.Rayne 6:45 pm EST]

Between 1030 and 0400 UTC last night or early morning, most of Russia’s GLONASS satellites reported “illegal” or “failure” status. As of this post, they do not appear to be back online.

GLONASS is the equivalent of GPS, an alternative global navigation satellite system (GNSS) launched and operated by Russian Aerospace Defense Forces (RADF). Apart from GPS, it is the only other GNSS with global capability.

It’s possible that the outage is related to either a new M-class solar storm — the start of which was reported about 48 hours ago — or recent X-class solar flare on March 29 at approximately 1700 UTC. The latter event caused a short-term radio blackout about one hour after the flare erupted.

But there is conjecture that GLONASS’ outage is human in origin and possibly deliberate. The absence of any reported outage news regarding GPS and other active satellite systems suggests this is quite possible, given the unlikelihood that technology used in GLONASS differs dramatically from that used in other satellite systems.

At least one observer mentioned that a monitoring system tripped at 21:00 UTC — 00:00 GLONASS system time. The odds of a natural event like a solar storm tripping at exactly top of the hour are ridiculously slim, especially since radiation ejected from the new M-class storm may not reach its peak effect on earth for another 24-48 hours.


It’s not clear whether the new GLONASS-M satellite launched March 24th may factor into this situation. There are no English language reports indicating the new satellite was anything but successful upon its release, making it unlikely its integration into the GLONASS network caused today’s outage.

If the outage is based in human activity, the problem may have been caused by:

— an accidental disabling here on earth, though RADF most likely has redundancies to prevent such a large outage;

— deliberate tampering here on earth, though with RADF as operator this seems quite unlikely; or

— deliberate tampering in space, either through scripts sent from earth, or technology installed with inherent flaws.

The last is most likely, and of either scripts sent from earth or the flawed technology scenarios, the former is more likely to cause a widespread outage.

However, if many or all the core operating systems on board the GLONASS satellites had been updated within the last four years – after the discovery of Stuxnet in the wild – it’s not impossible that both hardware and software were compromised with an infection. Nor is it impossible that the same infection was triggered into aggressive action from earth.

Which begs the question: are we in the middle of a cyberwar in space?


Sources report the GLONASS satellite network was back online noon-ish Russian time (UTC+4); the outage lasted approximately 11 hours. Unnamed source(s) said the outage was due to the upload of bad ephemeris data, the information used by the satellites to locate other satellites in space. An alleged system-wide update with bad data suggests RADF has serious problems with change management, though.

There is speculation the M-class solar storm, summarized at 1452 UTC as an “X-ray Event exceeded M5,” may have impacted GLONASS. However early feedback about radiation ejected by an M-class storm indicated the effects would not reach earth for 24-48 hours after the storm’s eruption.

10 replies
  1. LieparDestin says:

    Seeing as the Russians are our Astronauts taxi to/from the ISS, a cyber-war in space is probably a horrible idea.

  2. Jim Willis says:

    The monitoring system is probably sampling the GLONASS signal once per minute and, if it’s running on any common operating system, is itself synchronized to some time standard. If that’s so, then it’s not surprising that the failure is recorded at the top of the hour.

    The most likely culprit is a bad software update by the Russians.

    • Rayne says:

      So you think it’s plausible that the Russian military has such piss-poor change management that they’d update all their satellite constellation at the same time? While the same military is moving defense resources, and in spite of the numerous commercial and individual users relying on 100% uptime?

      In the mean time, we already know that:

      — Russia has seen Stuxnet-like malware in nuclear energy infrastructure;

      — There has been non-specific malware onboard the International Space Station ;

      — Conficker ver A, posited as a precursor to Stuxnet, “…would not infect systems whose keyboard language layout was set to Ukrainian or that had a Ukrainian IP address,” [pdf] suggests a malware-as-cyber-weapon capability that could be used against anti-Ukrainian technology;

      — Russia itself has conducted cyber warfare in sync with traditional military action (DDoS against Georgia in 2008, see previous link above).

      What’s also rather telling is the lack of response to the outage on the Information-Analytical Center website save for the real-time monitoring graphics at the left side of page. Zippo. Nada. As if it never happened.


  3. C says:

    It would be a bit odd to do this and then do nothing else. Russian forces are not presently invading anyone and probably do not require GLONASS to find Kiev even if they were. So if it is a deliberate cyberwar in space why? Who would find value in disabling this now and then not say pairing it with an invasion of Russia?

    One other possibility is that this is an accidental attack. Someone may have been testing or just messing with an existing capability and have triggered this live without meaning to. In that event this would get real ugly real fast.

  4. jonahbeckins@ says:

    Think “order of battle”. Rus GPS system software was likely “public”. Rus takes system off line to replace old compromised software with new more robust, more secure software. Then a few days testing-debugging. It then must be used in Rus’ nefarious plans for Ukraine before it is strategically comprised. Hold on to your butts!

    • Rayne says:

      I seriously doubt the RADF would take the entire network of satellites down for 8-12 hours without any advance notice to users. This would tip their hand in the most obvious way possible.

      This whole situation reads to me like a “F*ck you, you’re touchable” message. The questions I have: who sent it,  from where, and who/what was the intended target?

  5. James Johnson says:

    The satellite ephemeris (broadcast orbits) has to be updated every few hours in order to get good positioning results. It is an operational task to upload new SV orbits on a regular basis. The Glonass system uses an orbit format that is not very stable over long periods of time. The US GPS systems uses a much longer orbit message that includes keplarian orbital parameters and is useable for a much longer period of time that Glonass orbit data. Glonass primarily sends a time tagged position, velocity and acceleration record of the satellite at a given point of time. This epoch data can be extrapolated in time around the time tag of the full position information for several hours, but accuracy degrades quickly after that.

    Most likely there was a problem with the upload. This is a pretty major failure though, and it is surprising that this happened. Thankfully pretty much all GPS receivers use the US NAVSTAR GPS as the primary service and only use GLONASS to supplement the solution. The addition of GLONASS SVs can have a great benefit when there a low number of GPS SVs available (i.e. in urban canyons). If a system wide outage of GPS occurred that lasted even an hour, it would be a major catastrophe. More and more life critical applications now depend on GPS, an obvious example is the use of GPS in flight navigation for IFR.

    Another possibility is that the Russians were testing a secret selective availability mode that would allow them to deny use of Glonass to non military users. If they encrypted the ephemeris in a way that only special receivers could decode, then they could deny GPS to non Russian military users. A likely scenario would be to jam US GPS in a theater of operation and encrypt the Glonass ephemeris.

  6. Random says:

    FYI, the GLONASS satellites transmit a different data set on the millitary P-code channel which is in phase quadrature to the civil code. The ephemeris data broadcast on the P-code channel uses 50bps without a manchester meander code, and broadcasts extra bits of precision for the effects of clock drift and luni-solar acceleration.

    It is possible that the the ‘bad data’ only affected the civil data stream, which would mean that from the perspective of the people who own the system there was no outage or problem.

    I give this incident 50/50 odds of being an intentional Russian test of what would happen if they ‘switched off’ the civilian side of GLONASS during a conflict.

Comments are closed.