As the low Earth orbit market prepares to double over the next
five years, to the tune of around $20 billion, we sit on the edge of a new
space race. However, amid rapidly falling launch costs and a host of
technological advancements, it’s safe to say that this race is heading into new
territory.
These digitizations relate to the role of sensors and data
processing, and a plethora of applications that aid ground control and
observation operations.
One segment of the race that is still yet to pick up speed,
however, relates to cybersecurity. The implications of attacks on satellites
are self-evident, but the resilience and protection of these galactical systems
require further exploration and a mass team effort.
Familiarity in Space
The difficulties that come with protecting devices in space comprise
multiple complex systems within systems — each playing different roles and
being deployed by different players.
Satellites are effectively just platforms with embedded systems
and interfaces, including radio communications, telemetry tracking control
systems, and ground segment connections. These are all essentially enterprise
networks, but that also makes them avenues of opportunity for
cybercriminals.
These systems are underpinned by a complex supply chain — another
prime target for attackers, as we’ve seen on the ground through examples like
SolarWinds, where the supply chain served as a gateway to all other interfaces.
Not only does this make systems in space more familiar than you
might think, it also makes them more challenging to defend.
As such, the satellite door is potentially being left ajar to
hacktivists, financial crusaders, and state-acting spies who can use their significant resources to target other countries’ prized
space assets.
The “How” and “Why” of Space Attacks
Why attack space when there are systems on land?
The answer is twofold, based on how familiar these satellite
platforms actually are, and what attackers stand to gain by infiltrating them.
Addressing the former, “under the hood” of a satellite
is a platform. More often than not, the embedded system within that platform
may be as recognizable as a Linux operating system. And while the operations of
the satellites themselves have traditionally been bespoke to offset that
vulnerability, that too is now changing, as the market becomes more
commercialized and accessible.
Any good hacker or threat actor will be familiar with the
operating system, and once administration rights are attained to the
environment, access to cameras, orientation, and all other interfaces becomes
much more plausible.
And this “how,” leads to the “why.” A case
study from earlier this year saw an outage of the Viasat network across Europe,
at almost the exact time Russian troops entered Ukraine. As well as being a
commercial broadband provider, Viasat is also used by the Ukrainian military.
On closer inspection, the main damage seemed to be collateral across the
continent, as a result of a misconfiguration sent down to modems.
However, upon even closer testing of the memory chips from these
modems, it was revealed that they had essentially been wiped out, akin to
wiping the operating system from a PC. The most plausible theory is that
attackers gained access to the internal management system through a
misconfiguration, developed malware to deploy across the network to wipe the modems,
and pushed that malware through on the day of the invasion. It wasn’t the
satellite itself that was being targeted — it was merely a portal to impact
connections and operations on the ground.
Recognizable Defenses
This link between space and Earth is what makes cybersecurity
advancements in this sector so critical. Satellites in themselves are
fascinating and mysterious because of the technology behind them and their
locations. But, more often than not, they’re simply portals to information we’re
trying to acquire, monitor, or use to inform decisions down on the ground.
Yes, this makes their breaches more concerning, but on a positive
note, it also means the response in terms of defense can lean on familiar
processes and technologies used in more reachable areas of our lives.
For example, running trusted code from equally trusted sources can
be achieved through Trusted Platform Module (TPM) chips, which we find in
mobile phones. Novel encryption approaches that we use to defend enterprise
networks could also be applied to the data equation to offset the risk of
jamming, spoofing, or relay attacks. Segmentation and using zero-trust
architectures are further examples of enterprise strategies, alongside stronger
authentication protocols for users, to better protect ground stations.
And all of this must be backed up by enhanced supply chain
security where software bills of materials (SBOMs) should become more common practice.
A Sprint and a Marathon
The space race is just that: a race. Just as the landscape has
evolved rapidly in recent years, it will continue to do so moving forward, and
scenario planning will form a big part of cybersecurity strategy to ensure
better futureproofing than we’ve had until now.
We’re on the precipice of a new space era, and have time to get
these agile and adaptable best practices in place before the attack landscape
evolves in tandem. Building systems that can withstand attacks, segment risks,
and contain breaches needs to be a culmination of this more concerted testing
and scenario planning.
But it can’t be done in isolation. The space race is a relay — a
team sport where information must be generated through collaboration. Not only
will this ensure a speedier launch from the new starting line, but it will give
this effort endurance as the sprint turns into a marathon over the years to
come.
