Cybersecurity Experts Worry About Satellite & Space Systems

As nation-states and rogue actors increasingly probe critical infrastructure, policy and technology experts worry that satellite and space systems are on the front lines.

Information from satellites fuels a great deal of today's technology, from the intelligence gathering conducted by nation-states, to the global positioning system used for vehicle navigation, to the targeting used by "smart" weapons.

Little surprise, then, that cybersecurity and policy experts worry that the relative insecurity of satellite systems opens them to attack. In a paper released by The Royal Institute of International Affairs at the non-profit think-tank Chatham House, Beyza Unal, a senior research fellow in international security, warned that the reliance of space-based systems and satellites on civilian infrastructure means greater vulnerability to attack in times of conflict and espionage in times of peace.

"During wartime, the greatest risk is to lose operational foresight and be unable to rely on data that comes through space," Unal says. "Receiving false or fake information may result in giving an advantage to the adversary."

The warnings come as an increasing number of nations have ramped up their operations in space. What used to be a race between the United States and Russia has changed. China landed a rover on the moon in January and launched a quantum satellite into orbit in 2016. The European Space Agency has sent probes to Mars and put a gravitational wave detector into space. Japan launched a probe that successfully landed on a near-Earth asteroid and intends to bring back samples.

A dozen nations have developed some level of space capability and have used it to launch satellites into space. The U.S. military, for example, relies on satellites to direct munitions. In 2003, during its engagement in Iraq, 68 percent of munitions were in some way guided by satellites or using intelligence from satellites, the Chatham House paper said.

The importance of satellites makes them a critical part of any nation's infrastructure, and makes attacking those satellites a strategy that most nations need to consider. While kinetic attacks are possible, cyber attacks have the benefit of being inexpensive.

"The most cost effective type of attack is the digital cyber vector," says John Sheehy, vice president of strategic services at IOActive, a security firm. "And, if you can disrupt satellite operations using cyber, unfortunately that greatly widens the pool of potential threat actors who have the capability to disrupt satellite operations."

The Chatham House paper pointed out that both China and Russia have focused on using cyber attacks as part of their military and strategic doctrine. NATO has encountered GPS jamming and other cybersecurity attacks against satellite systems during military exercises, the report said, citing NATO officials, who attributed the attacks to Russia.

Historically, satellite systems have only suffered occasional attacks over the past decade. In its 2011 Report to Congress, for example, the U.S.-China Economic and Security Review Commission noted that "in recent years, two U.S. government satellites have experienced interference apparently consistent with the cyber exploitation of their control facility." The two satellites—identified as Landsat-7 and Terra EOS AM-1—each experienced two incidents of interference between October 2007 and October 2008 lasting a combined 35 minutes, according to the report. The outages were consistent with attacks against the satellites' land-based systems, but no positive evidence was found at the time.

However, since that report, satellites have been both successfully exploited and attacked. A Russian cyber espionage group known as Turla—as well as at least two other groups—has used unencrypted satellite links as command-and-control and exfiltration channels for its operations. At last year's Black Hat conference, one security researcher used vulnerabilities in satellite equipment to hack into an airplane's in-flight communications equipment from the ground.

Finally, Russia has frequently disrupted the global navigation satellite system (GNSS) for at least three years to prevent drone attacks and during times of military operations, such as its invasion of Crimea. The incidents have happened at least 9,883 times, according to research published earlier this year.

"There is constant experimentation about pushing the envelope," says David Fidler, adjunct senior fellow for cybersecurity at the Council on Foreign Relations. "Because it is a cyber operation, we don't quite know where that line is yet. Countries are being cautious about it, but they are pushing in that line more and more."

In the Chatham House paper, Unal points out that, while NATO owns some ground-based facilities and components, the group does not own its own satellites, but gets satellite information from its member states. Typical attacks against such infrastructure include the "five Ds"—attacks that disrupt, deny, degrade, deceive, and destroy.

In addition to actual cyberattacks, vulnerabilities in satellites can undermine the faith that member nations have in the intelligence provided by NATO, raising questions about the root justifications for action as well as potentially destabilizing the relationships between members, the report stated.

Defending against such attacks requires both technology efforts and policy measures, says Chatham House's Unal. 

"The fundamental approach here is to focus on risk-reduction frameworks and applying them within the supply chain, command, control and communication systems," she says. "It is important to note NATO uses layers of security to protect these systems. Hence, even if an attacker is able to breach a node in the system, this would not necessarily mean they could infiltrate the critical nodes."

In addition, NATO, and the governments on whose technology the group relies, need to look to their supply chains, Unal says.

Nations are already attempting an end run around certain types of attacks. In 2016, China launched its Micius satellite, which is expected to allow communications protected by quantum cryptography. 

At the other end of the spectrum, while technology is being used to defend against attacks, others are looking to find ways to work when technology fails as preparation for the worst, IOActive's Sheehy says. Military academies, for example, continue to teach cadets to use sextants for navigation.

"The concern will always be there to some extent," says IOActive's Sheehy. "So they are finding ways to make the operator to have the capability to work with a reduced information flow."

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ...