Addressing the growing risk of a satellite cyberattack

An image of security icons for a network encircling a digital blue earth.
(Image credit: Shutterstock)

Space technology, in particular satellites, are central to modern-day life and critical for communication, security, and intelligence. Recently, we have seen satellite networks gain increasing attention due to Ukraine’s reliance on SpaceX’s Starlink and this is showing no signs of slowing down.

About the author

John Fokker is Head of Threat Intelligence and Principal Engineer at Trellix.

Additionally, the global space industry is predicted to rise from its current value of $350 billion to $1.3 trillion per annum by 2030. However, this fascination with the extraterrestrial is a double-edged sword: as the industry grows, so do its cybersecurity risks. Specifically, the associated increase in data volume and complexity has resulted in rising concerns over the security and integrity of data transfer and storage between satellites, and between ground stations and satellites.

Fortunately, there have been no vulnerabilities disclosed on actual satellites so far. But as satellites have mostly been controlled by governments and the military to date, little information is available as to whether an actual satellite has been hacked. This is expected to change as these satellites become more accessible, from a hardware and software perspective, to run security analysis.

It’s clear that this is a pivotal time for the secure advancement of data transfer, storage in space and satellite applications, but what will this space security approach look like for businesses?

Avoid history repeating itself with space

With the reduced cost of entry and increasing commercial opportunities in the space industry, cybercriminals are likely to be innovating within this huge growth area just as businesses are. This is why developing a security first approach to space technology needs to be a priority.

Learning from past mistakes in technology can inspire innovation. Therefore, the advancement of security in space will require businesses to have an awareness of the technology errors that have previously been made and the approach that should be taken going forward. The rush to develop and adopt new technology during the emergence of the Internet of Things (IoT) resulted in large scale deployment of insecure hardware and software; this is a risk we can’t take with space.

In addition, satellites have typically been relay-type devices that provide high-resolution imagery and repeat signals to and from different locations on earth in regions with poor internet connectivity. But as the technology becomes more sophisticated and smarter, the deployment of devices using inter-satellite links (ISL) in constellations like Starlink will aim to provide full high speed and global broadband coverage.

So, as the space sector moves towards general availability, satellites will be more accessible to threat actors and will need to have the right security in place.

Getting the timing right

There are many trustworthy building block primitives today that could help secure space, but it is critical to leverage at the concept phase of innovation and not once a device has been launched into space. The time is now to secure our next generation infrastructure and data sources.

The space industry is seeing the introduction of cheap satellites using commercial off-the-shelf (COTS) components and new cloud services such as Ground Station as a Service (GSaaS) and Satellite as a Service (SataaS) models. Like any new ecosystem, this will bring new attack surfaces and challenges.

Getting the security right while the hardware and software are being developed is crucial. Once a device is connected to the internet, we need to think about a satellite as any other device which can be accessed either directly or indirectly over the internet, opening it up to cyber-attacks.

What are the existing vulnerabilities?

To date, attacks on satellite systems from a cybersecurity perspective have typically been in the context of very-small aperture terminals (VSAT), spying and hijacking.

While there have been vulnerabilities found in the VSAT terminal software and its higher-level custom protocols, there seems to have been no focus, and no vulnerabilities yet discovered, within the network software stack of the satellite itself. This may be because satellites are very expensive, as well as closed source, and are therefore not readily accessible to security researchers or cybercriminals.

Yet, this security by obscurity will not provide protection with the new era of nanosats, which are small satellites with a mass of 1kg to 10kg. These nanosats use commercial off the shelf components which will be accessible to cybercriminals. In addition, users and trusted insiders will always remain a big threat from a ground station perspective, just like enterprise security today, as they can potentially leak direct access to the satellite control to cybercriminals – whether by mistake or on purpose.

A collaborative and adaptive approach to security is key

Establishing a trustworthy Space 4.0 ecosystem is going to require strong collaboration and an adaptable, living security approach.

Cybersecurity is a global problem and satellite-specific security is no different. All parts of the industry from vendors and chipmakers to software developers need to work together in order to ensure satellites are designed with security in mind and then properly tested. To build resilience into this technology, an adaptive security approach is key. Static and siloed security can only go so far. By embedding security that reshapes itself to match the threat landscape – adapting to threats across clouds, infrastructure, devices, teams, and data – the technology will be better positioned to learn from any attempted attacks and remain secure.

The fact is, as satellites are becoming more connected, just like any other device on the internet, their network and protocol software stack will become more accessible and targeted. Adding millions of mobile devices to these networks increases this risk. For everyone to benefit from the promise of satellite connectivity on mobile devices, it's important for the industry to recognize collaboration and a security approach that adapts as fast as global attackers do is required to protect these services.

Stay secure from space invaders

The space sector is rapidly evolving: a lower cost of launching, combined with public and private partnerships, is opening up a whole new dimension of connectivity. We are already struggling to secure our data on earth. Now we must understand and secure how our data will travel through space constellations and be stored in cloud data centers on earth and in space.

Space is set to be the new battleground against cybercriminals; the onus is on businesses to understand the latest developments to cybersecurity in space in order to embrace the new era of space securely.

John Fokker is Head of Threat Intelligence at Trellix Advanced Research Center.