Space cybersecurity: a blueprint for success in uncharted territory


Governments, militaries, and enterprises have always faced the threat of a cyberattack in space. However, the theoretical threat vector became real when Russian cyber attackers launched a massive distributed denial-of-service (DDoS) attack against the Viasat satellite infrastructure in February of 2022, just before Russian tanks began rolling across the Ukraine border.

This attack surfaced vulnerabilities within the satellite ecosystem and served as a wake-up call for the space industry. Since then, we’ve seen space- and satellite-related attacks escalate – so much so, in fact, that in August of 2023, several federal agencies issued a warning about increased attempts to attack both satellites in orbit and the intellectual property (IP) of companies developing space technologies.

The results of a successful attack could be catastrophic. We rely on satellites for communications, electricity, the internet, TV, environmental monitoring, weather predictions, advanced military operations and more. Compromised satellites would create a significant disruption to our way of life – in fact, in the wake of the Viasat attack, we have already seen the impact a hacked satellite ground and space system can have. From an IP perspective, nation states and other adversaries are always on the lookout for ways to steal valuable information in an effort to out-compete the United States.

Neither scenario is good for our country, and we need to figure out a strategy to defend against both types of attacks. Because space security is a relatively new frontier, however, security professionals are still trying to develop a blueprint for success.

James Turgal

Vice President of cyber risk, strategy and board relations at Optiv.

A security roadmap for immediate action

With the industry still working out the best way to prevent satellite and space IP attacks, it’s understandable that many companies are taking a reactive approach to security. But we can’t afford to do this any longer. We must begin to think ahead of the threat and get proactive today to protect our country.

Whether securing a computer, power station or satellite operating 22,000 miles away, the security fundamentals should remain the same: take an offensive mindset, prioritize the basics and put technologies, people and processes in place to be able to quickly detect and respond to an event.

With this in mind, here are five best practices to consider to bolster satellite security and protect space IP:

1. Understand the environment – We live in a three-dimensional world, and our satellite and space systems are a perfect example of the complexities of cyberspace. Satellite security needs to be three-dimensional as well, encompassing all aspects of ground-based facilities and satellites orbiting the earth, right down to the end-user router or communications system. We need to protect the company’s “crown jewels” and understand business risk within the three-dimensional space security landscape, including how attackers approach hacking in space and what solutions are necessary to defend against these threats.

2. Prioritize security upfront – Because hardware in the sky traditionally hasn’t been designed with security in mind, we need to employ the concept of Security by Design and integrate security upfront and throughout the entirety of the ecosystem – including satellite firmware, satellite hardware and ground control centers. This also includes implementing a Secure Software Development Lifecycle (SDLC), which puts an emphasis on secure coding practices, and incorporating security at every stage of the software development lifecycle to prevent vulnerabilities that can be exploited by hackers.

3. Implement defense-in-depth – The more layers of security on a satellite or network ecosystem, the harder it is for attackers to penetrate. Consider implementing:

  • Encryption: To protect the confidentiality of IP and data transmitted between ground stations and satellites.
  • Authentication and access controls: To verify the identity of users and devices trying to access valuable IP and satellite systems, preventing unauthorized access.
  • Network segmentation: To create separate zones or virtual private networks (VPNs) for different types of users and services. This helps contain potential attacks and limits the lateral movement of threats within the network. Building a Zero Trust architecture is a great way to secure your entire environment.
  • Redundancy and backup systems: To ensure service continuity in the event of a cyberattack or system failure. This may include redundant satellites, ground stations and data storage facilities.
  • Patch management: To ensure regular patching and updates are applied to systems and software to address known security vulnerabilities.
  • Firewalls: To monitor and control network traffic, allowing only authorized communication.
  • Resilient satellite design: Including redundancies and self-healing capabilities to maintain functionality even when part of the system is compromised.
  • Security monitoring: To continuously monitor network traffic for anomalies or suspicious behavior.

4. Develop an incident response (IR) plan – When suspicious behavior or a potential threat is detected, employees must be able to quickly respond and remediate the threat to limit the damage done, and there’s no better way to achieve this rapid time to action than by developing an IR plan. IR plans should detail the people involved, the processes that should go into effect and the technologies that come into play. In addition to documenting an IR plan, employees must routinely practice it, so everyone involved is aware of their responsibilities and confident in their actions when an incident occurs.

5. Conduct employee training – Train employees so they know what to look for and have the tools to respond to threats they’ve never seen before. At the core, security is a people issue. We need to train talent to think like hackers who are trying to impact national security, disrupt our way of life and steal IP, so they can detect a threat at the earliest stage possible. It’s also important to ensure all employees – from the mailroom to the boardroom and boardroom to the mailroom – buy in to create a culture that prioritizes security.

Beyond the actions individual organizations can take to protect satellites and space IP, there needs to be a strong public/private partnership so we, as an industry, can share information and lessons learned to better understand the threat landscape, how to create resiliency within systems and how to respond to attacks.

Adversaries are targeting our satellite and space industries to steal IP, impact our economy and our lives, and inflict wide-scale damage. We need to think and act ahead of the threat to stop it. By having an offensive mindset, mastering security fundamentals and building a strong security culture, we can put our best effort toward securing our assets on Earth and beyond.


This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc.
