Cybersecurity Experts Worry About Satellite & Space Systems

As nation-states and rogue actors increasingly probe critical infrastructure, policy and technology experts worry that satellite and space systems are on the front lines.

Information from satellites fuels a great deal of today's technology, from the intelligence gathering conducted by nation-states, to the global positioning system used for vehicle navigation, to the targeting used by "smart" weapons.

Little surprise, then, that cybersecurity and policy experts worry that the relative insecurity of satellite systems opens them to attack. In a paper released by The Royal Institute of International Affairs at the non-profit think-tank Chatham House, Beyza Unal, a senior research fellow in international security, warned that the reliance of space-based systems and satellites on civilian infrastructure means greater vulnerability to attack in times of conflict and espionage in times of peace.

"During wartime, the greatest risk is to lose operational foresight and be unable to rely on data that comes through space," Unal says. "Receiving false or fake information may result in giving an advantage to the adversary."

The warnings come as an increasing number of nations have ramped up their operations in space. What used to be a race between the United States and Russia has changed. China landed a rover on the moon in January and launched a quantum satellite into orbit in 2016. The European Space Agency has sent probes to Mars and put a gravitational wave detector into space. Japan launched a probe that successfully landed on a near-Earth asteroid and intends to bring back samples.

A dozen nations have developed some level of space capability and have used it to launch satellites into space. The U.S. military, for example, relies on satellites to direct munitions. In 2003, during its engagement in Iraq, 68 percent of munitions were in some way guided by satellites or using intelligence from satellites, the Chatham House paper said.

The importance of satellites makes them a critical part of any nation's infrastructure, and makes attacking those satellites a strategy that most nations need to consider. While kinetic attacks are possible, cyber attacks have the benefit of being inexpensive.

"The most cost effective type of attack is the digital cyber vector," says John Sheehy, vice president of strategic services at IOActive, a security firm. "And, if you can disrupt satellite operations using cyber, unfortunately that greatly widens the pool of potential threat actors who have the capability to disrupt satellite operations."

The Chatham House paper pointed out that both China and Russia have focused on using cyber attacks as part of their military and strategic doctrine. NATO has encountered GPS jamming and other cybersecurity attacks against satellite systems during military exercises, the report said, citing NATO officials, who attributed the attacks to Russia.

Historically, satellite systems have suffered only occasional attacks over the past decade. In its 2011 Report to Congress, for example, the U.S.-China Economic and Security Review Commission noted that "in recent years, two U.S. government satellites have experienced interference apparently consistent with the cyber exploitation of their control facility." The two satellites—identified as Landsat-7 and Terra EOS AM-1—each experienced two incidents of interference between October 2007 and October 2008 lasting a combined 35 minutes, according to the report. The outages were consistent with attacks against the satellites' land-based systems, but no positive evidence was found at the time.

However, since that report, satellites have been both successfully exploited and attacked. A Russian cyber espionage group known as Turla—as well as at least two other groups—has used unencrypted satellite links as command-and-control and exfiltration channels for its operations. At last year's Black Hat conference, one security researcher used vulnerabilities in satellite equipment to hack into an airplane's in-flight communications equipment from the ground.

Finally, Russia has frequently disrupted the global navigation satellite system (GNSS) for at least three years to prevent drone attacks and during times of military operations, such as its invasion of Crimea. The incidents have happened at least 9,883 times, according to research published earlier this year.

"There is constant experimentation about pushing the envelope," says David Fidler, adjunct senior fellow for cybersecurity at the Council on Foreign Relations. "Because it is a cyber operation, we don't quite know where that line is yet. Countries are being cautious about it, but they are pushing in that line more and more."

In the Chatham House paper, Unal points out that, while NATO owns some ground-based facilities and components, the group does not own its own satellites but gets satellite information from its member states. Typical attacks against such infrastructure include the "five Ds"—attacks that disrupt, deny, degrade, deceive, and destroy.

In addition to actual cyberattacks, vulnerabilities in satellites can undermine the faith that member nations have in the intelligence provided by NATO, raising questions about the root justifications for action as well as potentially destabilizing the relationships between members, the report stated.

Defending against such attacks requires both technology efforts and policy measures, says Chatham House's Unal. 

"The fundamental approach here is to focus on risk-reduction frameworks and applying them within the supply chain, command, control and communication systems," she says. "It is important to note NATO uses layers of security to protect these systems. Hence, even if an attacker is able to breach a node in the system, this would not necessarily mean they could infiltrate the critical nodes."

In addition, NATO, and the governments on whose technology the group relies, need to look to their supply chains, Unal says.

Nations are already attempting an end run around certain types of attacks. In 2016, China launched its Micius satellite, which is expected to allow communications protected by quantum cryptography. 

At the other end of the spectrum, while technology is being used to defend against attacks, others are looking for ways to keep working when technology fails, as preparation for the worst, says IOActive's Sheehy. Military academies, for example, continue to teach cadets to use sextants for navigation.

"The concern will always be there to some extent," says IOActive's Sheehy. "So they are finding ways to make the operator to have the capability to work with a reduced information flow."


Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ...
