Cybersecurity in Space: Exploring Extra-Terrestrial Vulnerabilities

Written by

Humanity’s fascination with the extra-terrestrial does not appear to be abating. Between 2005 and 2017, the global space industry grew at an average rate of 6.7% per year and is projected to increase from its current value of $350bn to $1.3trn per annum by 2030. This rise is driven by new technologies, business models and government investment in the industry, increasing the number of stakeholders and the application domains they serve cost-effectively.  

The use of satellite networks has also become more prominent in the past year due to Starlink’s involvement in the Ukraine conflict, and is showing no signs of slowing down. With the reduced costs of entry and a wealth of commercial opportunities in the space industry, it is anticipated that cyber-criminals are also innovating in tandem with this huge growth area. The associated increase in data volume and complexity has, among other developments, resulted in increasing concerns over the security and integrity of data transfer and storage between satellites and between ground stations and satellites.  

The risks to satellites are highlighted because they are purpose-built computers and, as such, are vulnerable to many of the same cybersecurity threats on Earth. The subsequent compromise of satellites and other space assets may increase and become more public in 2023. But what effect will increased scrutiny on space and satellite cybersecurity have on businesses on the ground?  

Read Infosecurity’s analysis of cyber-risks in space and how to secure this domain here.

Learning From Past Mistakes

Although there have not been many vulnerabilities disclosed on actual satellites to date, this is expected to change. As these satellites become more sophisticated and more accessible from a hardware and software perspective to conduct security analyses, they will also be more susceptible to cyber-attacks. Nevertheless, this is an integral time for the secure advancement of space, and we must learn from past mistakes with Internet of Things (IoT) device manufacturing, where the rush to adopt new and faster technology resulted in the large-scale deployment of insecure hardware and software.  

Following an incident in 1998 where hackers rendered a satellite useless by instructing ROSAT (a German satellite X-ray telescope) to aim its solar panels directly at the sun, miniature satellites known as CubeSats were developed to mitigate the vulnerabilities of breaching a ground control station. This addition alone does not mean that satellites are secure. In fact, hacking a CubeSat could be as simple as waiting for one of them to pass overhead before sending malicious commands to exploit vulnerabilities in the satellite’s hardware or software.  

Cybersecurity needs to be integrated during the development phase for satellites, leveraging a security-first mindset. If we are not careful, we will repeat the mistake of allowing security to take a backseat to other engineering challenges, thus leaving the system open to compromise. The time is now to leverage a security-first approach for space assets during the concept phase of innovation and not after the device has been launched into space. 

If we don’t learn from our previous mistakes when developing IoT, there will likely be an increase in successful attacks on satellite technology, such as targeted distributed denial-of-service (DDoS) attacks, like those witnessed in Ukraine against SpaceX Starlink terminals. Additionally, like all cybersecurity efforts, international collaboration is critical to effective satellite protection. All parts of the industry, from vendors, chipmakers, software developers and consumers, must work together to ensure satellites are designed with security in mind and then properly tested.  

Going Up From Here 

As satellites become more connected, just like any other device on the internet, their network and protocol software stack will become more accessible and targeted. Factoring that millions of users rely on these networks only increases this risk. Therefore, the onus is on the industry to recognize that space cybersecurity is not an impenetrable silver bullet.  

The space landscape continues to evolve from purely scientific research, which brings with it malicious actors looking to prey on this untapped technology. From providing communication and internet to security and intelligence, satellites offer a valuable service, and a cyber-attack would cause widespread disruption. It is time to leverage greater collaboration and integrate security into our development process to protect these critical services from inevitable threats.  

What’s hot on Infosecurity Magazine?