Safeguarding space systems against emerging cyber threats
Satellite communications are now considered critical national infrastructure (CNI) and vital to global security and economic stability. As cyberattacks grow more sophisticated and threat actors become more nefarious in their methods, managing commercial space operations and understanding the security protocols required to defend them has never been more important.
Paul Kostek, IEEE senior member and principal systems engineer at Air Direct Solutions LLC
A report from the Ethics + Emerging Sciences Group recently confirmed that cyberattacks against CNI in space pose a serious issue. The report called for more proactive security planning to mitigate emerging threats. With the number of registered space objects and satellites increasing annually – an average of 2,600 objects were launched into space between 2022 and 2023 – threat actors are presented with an ever-expanding attack surface.
The Ethics + Emerging Sciences Group urged CNI leaders to review their security systems and to better understand the current cybersecurity threats to low-earth orbit (LEO) satellites to avoid nationwide disruption. This way, organizations will have a better idea of how to defend these critical assets.
NEW ATTACK METHODS CAUSING NATIONWIDE DISRUPTION
CrowdStrike’s well-documented outage caused disruption across industries such as healthcare, travel and global commerce. It was reported that over 1000 flights were cancelled due to the outage, as well as significant delays with airfreight shipments of fresh and perishable food items, affecting product availability and increasing the likelihood of waste.
This raised concerns about the potential impact if bad actors intentionally set out to cause the same failures to vital services. Consider the recent cyberattack against the NHS, where employees were unable to use Electronic Medical Information Systems (EMIS), causing significant interruption to the management of appointments and patient records, even bringing some pharmacy prescriptions to a halt.
Navigating The New Cybersecurity Frontier
As the number of satellite constellations increases, so will the number of potential entry points for threat actors. This introduces the possibility of network hijacking. If GPS satellites were taken offline or if their data were corrupted, the effects on commerce, aviation (both commercial and military), and our daily lives would be significant.
The risks grow further as space operations evolve from being government-exclusive to involving commercial operators. While launch vehicles are inspected before being approved for use, payloads are only required to meet physical and environmental standards such as weight, power, and temperature. There are currently no cybersecurity mandates. This leaves them vulnerable to various attack vectors, including electromagnetic interference (EMI), spoofing, jamming, or total loss of control.
Payload designers must take a comprehensive approach to end-to-end design to prevent operational disruption and incorporate cybersecurity from the outset. Given the increasing number of commercial systems in space, addressing cybersecurity post-design is no longer viable. Ground stations and Internet of Things (IoT) devices, which are often managed by third-party operators, also present additional entry points to cyber attackers.
In fact, as hacking was not previously considered a significant threat, many older satellites lack the necessary security measures. There was an incident in 1998, where cyber attackers took control of ROSAT, a German X-ray satellite’s imaging sensor, aiming its solar panels directly at the sun, rendering the satellite inoperable. However, with the upcoming launch of nine new GPS satellites, costing US$5.5 billion each, cybersecurity is now essential for their protection. Even lower-cost communication satellites must be secure by design from the outset.
In theory, threat actors could damage or disrupt strategic services and crucial data, or even leverage compromised space assets to support ‘hybrid’ attacks against other vital services and organizations. The more nefarious cyberattacks could take control of a compromised ground station or facilities to interfere with a satellite’s command-and-control communication, enabling them to steal valuable information.
Scenario Mapping And Mitigation Planning
Alongside risk assessments, which are carried out at the beginning of the design process, security protocols must also be defined clearly from the start. This is the best time to map out potential scenarios and establish clear mitigation strategies and also determine whether the risk justifies the cost of protection. Identifying access points and limiting exposure should also be a priority.
Looking ahead, more adept hardware and software security solutions are needed. Cybersecurity must be integrated during the development phase for satellites. Attacks could range from physical collisions intended to destroy vehicles to hijacking a satellite’s control systems to move it out of orbit or jam its signals. Any satellites lacking strong security mechanisms could potentially be weaponized and used against other satellites to trigger further disruption to vital services. Equally, as satellites become more and more connected, their wider network and protocol software will become a bigger target.
Satellite maintenance presents a security risk as well since physical connections for refueling or software updates can serve as entry points for hostile actors. Encrypted software will be critical to securing these connections.
In each case, it’s important to evaluate satellite replacement and launch costs, alongside the availability of spare satellites or reconfiguration strategies. Security solutions must also align with a satellite’s lifespan – whether it’s a short-term asset (five years or less) or a long-term satellite, like those in the GPS constellation.
FUTURE SPACE CYBERSECURITY – A BLUEPRINT
We must also consider the possibility that conflicts on Earth could extend into space. Military activities would suffer greatly if communications, surveillance, or navigation satellites were blocked. As space becomes more accessible to businesses, universities, and emerging space nations for commercial opportunities, it also opens the door to new forms of criminal activity, creating fresh vulnerabilities.
Prioritizing cybersecurity for all deployed payloads and ground stations is essential. A robust, multilayered security strategy should include encryption to safeguard IP and data transmission between satellites and ground stations, network segmentation via virtual private networks (VPNs) to contain attacks, and regular patch management to address vulnerabilities. Additionally, CNI teams must develop comprehensive incident response (IR) plans to ensure real-time, effective action and communication in the event of a cyber incident.