In recent years, there has been a growing interest in the use of satellites for a variety of applications, including communications, navigation, and Earth observation. This has led to the development of large constellations of satellites in low Earth orbit (LEO). While these constellations offer a number of advantages, they also present new challenges, including the increased risk of cyber attacks.
As our dependence on technology continues to grow, so does our reliance on satellites and low-earth orbit constellations. These assets, critical to the functioning of modern communication and navigation systems, are increasingly vulnerable to cyber-attacks. Defending these space assets is critical to ensuring continued global connectivity and security. In this article, we will explore the importance of cyber security for satellites and low earth orbit constellations and the measures that can be taken to protect them.
Historically Space assets were mostly either unprotected or had minimal protection against cyber-attack. For example, the Iridium satellite network that was built in the 1980s, the messages are sent in plaintext format using the GSM standard, whose specification is completely public. Today, components, such as the software-defined radio can be brought of the shelf that the Chaos hackers used to eavesdrop on Iridium’s unencrypted messages.
The military is also critically dependent on Space assets their communications, situational awareness, Navigation, and timing. Military strategic and tactical missile systems rely on satellites and the space infrastructure for navigation and targeting, command and control, operational monitoring and other functions. However, insufficient attention has been paid to the increasing vulnerability of space-based assets, ground stations, and associated command and control systems.
Vulnerabilities abound even in highly sensitive systems, such as civilian and military satellite constellations that are used for communications, navigation, time synchronization for distributed systems (think “power grid”), weather forecasting, and deterrence weapon systems.
For example, many military constellations rely on encrypted transmissions from the ground-control segment to the spacecraft, but have no further defenses, such as least permissions, intrusion detection, and mitigation, should an attacker manage to circumvent the encryption.
Meanwhile, malicious cyber activity is constantly evolving, and cyberattackers are becoming ever more imaginative. From compromising the software in-ground systems and stealing sensitive data to jamming satellite signals, hacking in-orbit satellites, and using spy satellites, their techniques are becoming more and more innovative and can have significant consequences for civil and military users.
In 2022, we saw that cyberattacks on satellites servicing one country could disrupt critical national infrastructure in another. In February 2022, just as the Russian invasion of Ukraine started, a large number of satellite modems in Ukraine and elsewhere in Europe were subject to a cyberattack and disabled, requiring global operator Viasat to do a hard-reset following which it could continue to deliver vital communication, including to Ukrainian refugees in neighboring Slovakia.
The conflict in Ukraine has nonetheless demonstrated that space has been and will continue to be extremely relevant at times of geopolitical conflict. As these trends are likely to continue, we will see new threat actors, targeting space systems to impact the critical services enabled by satellites.
Traditionally, space and terrestrial systems were largely isolated from each other, each serving a different set of users and requirements. This model has changed in recent years, as systems become more complex with greater interconnections between Earth-Space networks. Future generations of smartphones, for instance, may well have satellite messaging capabilities for emergency communication where there is no terrestrial connectivity.
Digital transformation has also resulted in the establishing of interfaces between systems and, more importantly, across traditional trust boundaries (partners, customers, etc.). The supply chain for hardware and software is dependent on multiple component parts, making it difficult to identify responsibility and liability for the ultimate security and resilience of the services supplied.
Furthermore, adoption of large satellite constellations is driving the number and complexity of ground control and service support infrastructures, thereby increasing the potential attack surface.
Cyberattacks on satellites could cause disruption to internet services and loss of connectivity can disable remotely controlled systems (a wind farm was shut down in a recent attack). Loss of positioning signals can disrupt air transport, road traffic and shipping, but can also affect the synchronization signal needed for banking transactions and other operations relying on very low-latency networks. Interference with satellite imagery services can compromise military intelligence and invalidate scientific studies by altering their source data. Cyberattacks can undermine the integrity of strategic weapons systems, destabilize deterrence relationships and obfuscate the originator of the attack without creating the debris problem that a physical attack would cause.
Because cyber technologies are within the grasp of most states (no matter how small or impoverished) and non-state actors, they level the strategic field and create hitherto unparalleled opportunities for small belligerent governments or terrorist groups to instigate high impact attacks,” the Office of the President of the United States stated in their 2011 International Strategy for Cyberspace.
As NISTIR draft 8270 eloquently points out, “Space is an emerging commercial critical infrastructure sector that is no longer the domain of only national government authorities. Space is an inherently risky environment in which to operate, so cybersecurity risks involving commercial space – including those affecting commercial satellite vehicles – need to be understood and managed alongside other types of risks to ensure safe and successful operations.”
For deeper understanding of Space cyber threats and security please visit: Cyber Guardians of the Galaxies: Safeguarding Space Assets in the Digital Frontier
Attack Vectors and Vulnerabilities of Space Assets
One of the primary cyber security threats facing satellites and low earth orbit constellations is the risk of cyber-attacks. These attacks can be carried out by a range of actors, including nation-states, criminal organizations, and lone individuals. The methods used in these attacks can vary, but they can include malware, denial of service attacks, and other forms of cyber-espionage. Once a cyber-attacker gains access to a satellite or low earth orbit constellation, they can potentially disrupt or even disable the system, causing significant damage.
Space assets depend on the integrated working of space segment and ground segment. When space segment consists of multiple satellites working together for a common purpose, such as with the Tracking Data Relay Satellites (TDRS), they are collectively referred to as a constellation. The ground segment is a set of geographically distributed stations with powerful satellite communications (SATCOM) equipment that can send command and control telemetry to satellites and receive telemetry data from the satellite’s systems and instruments.
The types of attack to which satellites are vulnerable fall into two primary categories: physical attacks and computer-system attacks, writes Ryan Hutchins in Cyber Defense of Space Assets. Physical attacks are those directed either directly against the satellite’s physical bus or transmitted signals. The vectors for physical attacks vary greatly transmitting signals that mimic a satellite’s or ground control station’s signals but contain false information, or “spoofing,” is a physical attack, as is jamming. But physical attacks also include anything from anti-satellite missiles to a “spray-paint attack, wherein” one satellite gets close enough to another satellite to spray paint its optics, rendering them blind.
Computer system attacks, on the other hand, are attacks that affect the computing systems present on a satellite. The ultimate goal in these attacks is unauthorized access to the satellite’s instruments, bus, and data. Common vectors for these attacks are the introduction of malware into hardware in the supply chain, and compromise of the ground units that communicate with satellites, including the ground control stations of, for example, the Air Force Satellite Control Network and NASA, or field-deployed SATCOM radios. These ground systems have many of the same software vulnerabilities that plague other computer systems.
The most prominent potential ingress for a cyber-attack against such a system is the ground-control station. A hacker that compromised the station could take complete control of a spacecraft by sending messages prior to encryption.
Broken user credentials are likely to allow a malevolent actor to establish an advanced persistent threat in a satellite network. An advanced persistent threat (APT) is a stealthy set of hacking processes that continuously affect a system over time. APTs are most often used to exfiltrate vital information from a business or government target over a long period of time.
The vulnerabilities responsible for enabling these threats are divided into three categories: software vulnerabilities, hardware vulnerabilities, and insider threats. Insider threats are threats caused by individuals who have been granted trusted access to the internal network.
The most important software vulnerabilities afflicting military space systems are, the same as common vulnerabilities in particular, backdoors, hardcoded passwords, remote code execution (RCE), insecure protocols, spoofing, hijacking, SQL injection, insecure authentication, and file upload flaws are of primary concern.
Finally, there is the threat that the hardware used to construct these systems could be used to deliver a hardware attack. This vector has recently been at the focus of cyber security news because its use in Mirai botnets. Chinese manufacturer, XiongMai Technologies’ line of IoT products have hardcoded default passwords in their firmware. The Mirai malware logs into these firmware backdoors to take control of these devices and incorporate them into massive botnets that can deliver devastating DDoS attacks.
The attacker could also leave behind an advanced persistent threat, to make strategic use of compromised satellites at later times. The threat of this attack vector is reified by the numerous successful cyber-attacks directed against NASA.
Cyber Security Initiatives
Discussions between the World Economic Forum’s Global Future Councils on Cybersecurity and Space, held in April 2022, suggest that governments, alongside those who operate, use, and profit from space-dependent technologies, should identify critical space-enabled services and should prioritize ensuring their end-to-end cyber resilience.
The Cybersecurity and Infrastructure Security Agency (CISA) announced the formation of a Space Systems Critical Infrastructure Working Group. The group is composed of government and industry members that operates under the Critical Infrastructure Partnership Advisory Council (CIPAC) framework, bringing together space system critical infrastructure stakeholders.
According to CISA, “the working group will serve as an important mechanism to improve the security and resilience of commercial space systems. It will identify and offer solutions to areas that need improvement in both the government and private sectors and will develop recommendations to effectively manage risk to space based assets and critical functions.”
DARPA and DoD are interested in moving toward satisfying DoD space missions with large constellations of inexpensive satellites in low earth orbit (LEO). This distributed approach provides both redundancy and resiliency, as well as other benefits.
However, the success of national security missions that use space systems, depends on fully integrating cybersecurity into the planning, development, design, launch, sustained operation, and decommissioning of those space systems used to collect, generate, process, store, display, transmit, or receive National Security Information (NSI), as well as any supporting or related infrastructure.
The three steps that space asset stakeholders must take to successfully defend their resources, Ryan Hutchins in Cyber Defense of Space Assets are:
(1) to establish an agile, global regime that can provide training, intelligence, and knowledge sharing between stakeholders;
(2) to perform code analysis and penetration tests to expose known vulnerabilities in existing infrastructure that can be shored up by relatively simple means. Once complete, this will ensure space asset safety against a wide range of basic attacks that would currently succeed. This will force adversaries to expend massive amounts of time and resources in an attempt to find successful exploits.
(3) Aided by the established global regime, stakeholders must undertake research efforts into defense-in-depth design, and that enable them to anticipate vulnerabilities and exploits so that they may seize the initiative from attackers and design protocols, software, and spacecraft buses that are hardened against cyber-attack.
Cyber security measures
The protection of satellites and space infrastructure against cyber threats is of utmost importance. As such, space experts recommend that security must be built into every satellite from the ground up, rather than being an afterthought. This means that security measures should be integrated into the satellite design, construction, and launch processes. A secure-by-design approach ensures that security risks are identified and mitigated from the outset. By adopting this approach, satellite manufacturers can make sure that their satellites are more resilient to cyber threats.
To defend against these cyber threats, there are several measures that can be taken. One critical step is to implement strong encryption protocols to protect data transmitted between ground stations and satellites. Encryption ensures that any intercepted data is unreadable by unauthorized parties, reducing the risk of data theft or tampering.
Another critical measure is to ensure that all software and hardware used in satellite and low earth orbit constellation systems are up to date and secure. Regular software updates can help to fix vulnerabilities and patch any security flaws that may be present. Additionally, all hardware components used in these systems should be designed with security in mind, and any vulnerabilities should be addressed immediately.
Other measures that can be taken include implementing firewalls and access controls to prevent unauthorized access to systems, and using intrusion detection systems to monitor for any unusual activity. Finally, regular security audits and testing can help to identify any weaknesses in the system and address them before they can be exploited by cyber-attackers.
Identity and access management (IAM) is also critical in safeguarding space infrastructure. A robust IAM solution is needed to identify and verify those accessing flight control information and surfaces. The IAM solution should be equipped with machine learning identifiers that can detect unauthorized access attempts to critical vehicle functions. In doing so, it can prevent malicious actors from gaining unauthorized access to sensitive data.
Internet of Things (IoT) devices must be updated regularly, and hardcoded passwords should not be allowed. This helps to ensure that all devices connected to the satellite network are secure and free from vulnerabilities. It is crucial to perform multi-checks on IoT devices to ensure that they are updated and that there are no hardcoded passwords that can be exploited.
A robust intrusion detection system (IDS) is a vital component of a cyber-resilient spacecraft. The IDS should consist of continuous monitoring of telemetry, command sequences, command receiver status, shared bus traffic, and flight software configuration and operating states, and should anticipate and adapt to mitigate evolving malicious behavior. The spacecraft Intrusion Prevention System (IPS) and the ground should have the ability to return critical systems on the spacecraft to a known cyber-safe mode. Command logging should also be available to cross-check for anomalous behavior.
Spacecraft developers must implement a supply chain risk management program to ensure that all vendors handle hardware and software appropriately, with an agreed-upon chain of custody. Critical units and subsystems should be identified and handled with different rigor and requirements than noncritical units and subsystems, and should be constructed with security in mind. All software on the spacecraft should be thoroughly vetted and properly handled through the configuration management and secure software development processes (DevSecOps).
Command logging and anomaly detection of command sequences should be performed independently by both the spacecraft and ground. Commands received may be stored and sent to the ground through telemetry and automatically checked to verify consistency between commands sent and commands received. This approach ensures that command sequences are cross-validated and that any anomalous behavior can be detected and addressed.
Finally, protections should be made against communications jamming and spoofing. Signal strength monitoring and secured transmitters and receivers can help to prevent communications jamming, while encryption of links provides additional security. By adopting these measures, space infrastructure can be safeguarded from cyber threats.
Security elements for defending ground-based systems and network assets
Ground-based systems and network assets are vulnerable to cyber threats, and therefore, organizations need to adopt certain security measures to protect their assets. Some of the security elements for defending ground-based systems and network assets include cybersecurity best practices. Adopting best practices that align with the NIST cybersecurity framework (CSF) can help in the implementation of strong security measures.
Another important security element is to have key network components that are logically and physically separate. This separation can prevent virus-like attacks such as ransomware from spreading throughout the network. This security measure can help in containing the attack and mitigating the damage.
It is also important to have policies in place to handle incidents, business continuity, and crisis communication. Policies on patching, BYOD, and backup should also be put in place to ensure that ground-based system and network assets are well protected.
Employee training is also a crucial element in ground-based system and network asset protection. All individuals should receive quarterly training on topics such as spear-phishing and socially engineered email attacks. This training can help in creating awareness and preventing cyber attacks.
Organizations should also adopt a fulsome vendor supply chain risk management program that touches all primary and tertiary vendors. This program should help ensure that all vendors handle hardware and software appropriately and with an agreed-upon chain of custody.
Machine learning intrusion detection systems should also be adopted to help guard against anomalous and potential malicious activity. These systems can detect potential threats and prevent them from causing damage.
Finally, organizations should join the Space ISAC, which is a platform for sharing threats, warnings, and incident information. Joining this platform can help organizations to collaborate and share information on potential cyber threats. By sharing information, organizations can better prepare for potential cyber attacks and improve their security measures.
Laser Optical Communications
Laser optical communications is a technology being adopted by several companies for their Low Earth Orbit (LEO) satellite constellations. This technology uses highly focused laser beams to transmit data from satellites to the ground. Unlike traditional RF communication signals, which spread over many kilometers, laser beams are highly concentrated, and their signals cannot be detected unless within the narrow laser beam.
One advantage of using laser technology for satellite communication is its higher data transfer rate. Laser communication can provide data rates that are several times faster than traditional RF communication, making it ideal for transmitting large amounts of data, such as high-definition video or images.
Moreover, laser communication signals are highly secure. Bulk encryption can be applied over the data before it’s transmitted, ensuring that only authorized users can access the data. Additionally, custom waveforms can be created, which only the user will know how to decode, further increasing the security of laser communication.
Overall, laser optical communication technology offers several advantages over traditional RF communication, including higher data transfer rates and greater security. As such, it is becoming an increasingly popular choice for satellite communication systems, with companies like SpaceX, Telesat, and LeoSat incorporating it into their LEO satellite constellations.
DARPA’s Cyber and Encryption Security for National Security Space Systems and Low Earth Orbit Constellations
DARPA has launched program on Cyber and Encryption Security for National Security Space Systems and Low Earth Orbit Constellations.
The Defense Advanced Research Projects Agency is seeking information on new technologies it can use to manage the sharing of missions across large constellations of inexpensive low-earth orbit satellites for the Defense Department. advances in autonomy and machine learning are enabling the management of multiple vehicle systems that collaborate. DARPA is interested in leveraging these advances in order to demonstrate unique military utility.
DARPA is interested in leveraging advances in cybersecurity going beyond compliance with DoD instructions to ensure the security of the constellations of inexpensive low-earth orbit satellites for the Defense Department.
DARPA/TTO is seeking new technologies and concepts to derive appropriate system security requirements, architectures, and system designs from the inception of the design process through decommissioning. Areas of interest to secure include, but are not limited to:
- Information systems within the space segment collecting, generating, storing, processing, transmitting, or receiving NSI information
- NSA-approved cryptographies and cryptographic techniques, implementations, and associated security architectures,
- End-to-end encryption of all data (e.g. space platform bus and payload command echoes, telemetry, health and status, mission data, and communications relay) transmitted over any communications link
- Command initiated or automatically invoked unencrypted emergency backup links or cryptographic bypasses used to recover lost communications
- Pseudorandom bit streams to ensure cryptographically derived transmission security effects are not predictable by unauthorized personnel
- Accomplishing a secure mission shared across multiple satellites
- Autonomous detection and response to anomalous or malicious cyber events
- Securely networking among a large number of satellites in multiple orbital planes with multiple comms links, multiple ground stations, and/or multiple remote (tactical) users
- Secure on-orbit data cloud and autonomous management of dynamic, distributed data storage and processing functions across multiple satellites
- Operator interface designs for constellations allowing the flexible but secure command and control (C2) relationships.
- Scalable approaches for the above areas that enable data rates of 10Gb/sec.
In conclusion, defending space assets such as satellites and low earth orbit constellations from cyber threats is essential to ensure continued global connectivity and security. The consequences of a successful cyber-attack on these systems could be severe, so it is critical to implement strong security measures to protect them. By implementing strong encryption protocols, ensuring all software and hardware is secure, and regularly testing and auditing systems, we can help to defend against cyber threats and ensure the continued functioning of these critical systems.
References and Resources also include:
http://www.cs.tufts.edu/comp/116/archive/fall2016/rhutchins.pdf