Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Cybersecurity Experts Worry About Satellite & Space Systems

As nation-states and rogue actors increasingly probe critical infrastructure, policy and technology experts worry that satellite and space systems are on the front lines.

Information from satellites fuel a great deal of today's technology, from the intelligence gathering conducted by nation-states, to the global positioning system used for vehicle navigation, to the targeting used by "smart" weapons. 

Little surprise, then, that cybersecurity and policy experts worry that the relative insecurity of satellite systems open them to attack. In a paper released by The Royal Institute of International Affairs at the non-profit think-tank Chatham House, Beyza Unal, a senior research fellow in international security, warned that the reliance of space-based systems and satellites on civilian infrastructure means greater vulnerability to attack in times of conflict and espionage in times of peace. 

"During wartime, the greatest risk is to lose operational foresight and be unable to rely on data that comes through space," Unal says. "Receiving false or fake information may result in giving an advantage to the adversary."

The warnings come as an increasing number of nations have ramped up their operations in space. What used to be a race between the United States and Russia has changed. China landed a rover on the moon in January and launched a quantum satellite into orbit in 2016. The European Space Agency has sent probes to Mars and put a gravitation wave detector into space. Japan launched a probe that successfully landed on a near-Earth asteroid and intends to bring back samples.

A dozen nations have developed some level of space capability and have used it to launch satellites into space. The U.S. military, for example, relies on satellites to direct munitions. In 2003, during its engagement in Iraq, 68 percent of munitions were in some way guided by satellites or using intelligence from satellites, the Chatham House paper said.

The importance of satellites make them a critical part of any nation's infrastructure and attacking those satellites a strategy that most nations need to consider. While kinetic attacks are possible, cyber attacks have the benefit of being inexpensive.

"The most cost effective type of attack is the digital cyber vector," says John Sheehy, vice president of strategic services at IOActive, a security firm. "And, if you can disrupt satellite operations using cyber, unfortunately that greatly widens the pool of potential threat actors who have the capability to disrupt satellite operations."

The Chatham paper pointed out that both China and Russia have both focused on using cyber attacks as part of their military and strategic doctrine. NATO has encountered GPS jamming and other cybersecurity attacks against satellite systems during military exercises, the report said, citing NATO officials, who attributed the attacks to Russia.

Historically, satellite systems have only suffered occasional attacks over the past decade. In its 2011 Report to Congress, for example, the U.S.-China Economic and Security Review Commission noted that "in recent years, two U.S. government satellites have experience interference apparently consistent with the cyber exploitation of their control facility." The two satellites—identified as Landsat-7 and Terra EOS AM-1—each experienced two incidents of interference between October 2007 and October 2008 lasting a combined 35 minutes, according to the report. The outages were consistent with attacks against the satellites' land-based systems, but no positive evidence was found at the time.

However, since that report, satellites have been both successfully exploited and attacked. A Russian cyber espionage group known as Turla—as well as at least two other groups—have used unencrypted satellite links as command-and-control and exfiltration channels for their operations. At last year's Black Hat conference, one security researcher used vulnerabilities in satellite equipment to hack into an airplane's in-flight communications equipment from the ground.

Finally, Russia has frequently disrupted the global navigation satellite system (GNSS) for at least three years to prevent drone attacks and during times of military operations, such as its invasion of Crimea. The incidents have happened at least 9,883 times, according to research published earlier this year.

"There is constant experimentation about pushing the envelope," says David Fidler, adjunct senior fellow for cybersecurity at the Council on Foreign Relations. "Because it is a cyber operation, we don't quite know where that line is yet. Countries are being cautious about it, but they are pushing in that line more and more."

In the Chatham House paper, Unal points out that, while NATO owns some ground-based facilities and components, the group does not own its own satellites, but gets information from satellites from its member states. Typical attacks against such infrastructure includes the "five Ds"—attacks that disrupt, deny, degrade, deceive, and destroy.

In addition to actual cyberattacks, vulnerabilities in satellite can undermine the faith that member nations have in the intelligence provided by NATO, raising questions about the root justifications for action as well as potentially destabilizing the relationships between members, the report stated.

Defending against such attacks requires both technology efforts and policy measures, says Chatham House's Unal. 

"The fundamental approach here is to focus on risk-reduction frameworks and applying them within the supply chain, command, control and communication systems," she says. "It is important to note NATO uses layers of security to protect these systems. Hence, even if an attacker is able to breach a node in the system, this would not necessarily mean they could infiltrate the critical nodes."

In addition, NATO and the governments on whose technology the group relies, needs to look to their supply chains,  Unal says. 

Nations are already attempting an end run around certain types of attacks. In 2016, China launched its Micius satellite, which is expected to allow communications protected by quantum cryptography. 

At the other end of the spectrum, while technology is being used to defend against attacks, others are looking to find ways to work when technology fails as preparation for the worst, IOActive's Sheehy. Military academies, for example, continue to teach cadets to use sextants for navigation. 

"The concern will always be there to some extent," says IOActive's Sheehy. "So they are finding ways to make the operator to have the capability to work with a reduce information flow."

Related Content:

 

Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

 

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC,  12/5/2019
Deliver a Deadly Counterpunch to Ransomware Attacks: 4 Steps
Mathew Newfield, Chief Information Security Officer at Unisys,  12/10/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Our Endpoint Protection system is a little outdated... 
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19604
PUBLISHED: 2019-12-11
Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository.
CVE-2019-14861
PUBLISHED: 2019-12-10
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permiss...
CVE-2019-14870
PUBLISHED: 2019-12-10
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authent...
CVE-2019-14889
PUBLISHED: 2019-12-10
A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence...
CVE-2019-1484
PUBLISHED: 2019-12-10
A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'.