Information from satellites fuel a great deal of today's technology, from the intelligence gathering conducted by nation-states, to the global positioning system used for vehicle navigation, to the targeting used by "smart" weapons.
Little surprise, then, that cybersecurity and policy experts worry that the relative insecurity of satellite systems open them to attack. In a paper released by The Royal Institute of International Affairs at the non-profit think-tank Chatham House, Beyza Unal, a senior research fellow in international security, warned that the reliance of space-based systems and satellites on civilian infrastructure means greater vulnerability to attack in times of conflict and espionage in times of peace.
"During wartime, the greatest risk is to lose operational foresight and be unable to rely on data that comes through space," Unal says. "Receiving false or fake information may result in giving an advantage to the adversary."
The warnings come as an increasing number of nations have ramped up their operations in space. What used to be a race between the United States and Russia has changed. China landed a rover on the moon in January and launched a quantum satellite into orbit in 2016. The European Space Agency has sent probes to Mars and put a gravitation wave detector into space. Japan launched a probe that successfully landed on a near-Earth asteroid and intends to bring back samples.
A dozen nations have developed some level of space capability and have used it to launch satellites into space. The U.S. military, for example, relies on satellites to direct munitions. In 2003, during its engagement in Iraq, 68 percent of munitions were in some way guided by satellites or using intelligence from satellites, the Chatham House paper said.
The importance of satellites make them a critical part of any nation's infrastructure and attacking those satellites a strategy that most nations need to consider. While kinetic attacks are possible, cyber attacks have the benefit of being inexpensive.
"The most cost effective type of attack is the digital cyber vector," says John Sheehy, vice president of strategic services at IOActive, a security firm. "And, if you can disrupt satellite operations using cyber, unfortunately that greatly widens the pool of potential threat actors who have the capability to disrupt satellite operations."
The Chatham paper pointed out that both China and Russia have both focused on using cyber attacks as part of their military and strategic doctrine. NATO has encountered GPS jamming and other cybersecurity attacks against satellite systems during military exercises, the report said, citing NATO officials, who attributed the attacks to Russia.
Historically, satellite systems have only suffered occasional attacks over the past decade. In its 2011 Report to Congress, for example, the U.S.-China Economic and Security Review Commission noted that "in recent years, two U.S. government satellites have experience interference apparently consistent with the cyber exploitation of their control facility." The two satellites—identified as Landsat-7 and Terra EOS AM-1—each experienced two incidents of interference between October 2007 and October 2008 lasting a combined 35 minutes, according to the report. The outages were consistent with attacks against the satellites' land-based systems, but no positive evidence was found at the time.
However, since that report, satellites have been both successfully exploited and attacked. A Russian cyber espionage group known as Turla—as well as at least two other groups—have used unencrypted satellite links as command-and-control and exfiltration channels for their operations. At last year's Black Hat conference, one security researcher used vulnerabilities in satellite equipment to hack into an airplane's in-flight communications equipment from the ground.
Finally, Russia has frequently disrupted the global navigation satellite system (GNSS) for at least three years to prevent drone attacks and during times of military operations, such as its invasion of Crimea. The incidents have happened at least 9,883 times, according to research published earlier this year.
"There is constant experimentation about pushing the envelope," says David Fidler, adjunct senior fellow for cybersecurity at the Council on Foreign Relations. "Because it is a cyber operation, we don't quite know where that line is yet. Countries are being cautious about it, but they are pushing in that line more and more."
In the Chatham House paper, Unal points out that, while NATO owns some ground-based facilities and components, the group does not own its own satellites, but gets information from satellites from its member states. Typical attacks against such infrastructure includes the "five Ds"—attacks that disrupt, deny, degrade, deceive, and destroy.
In addition to actual cyberattacks, vulnerabilities in satellite can undermine the faith that member nations have in the intelligence provided by NATO, raising questions about the root justifications for action as well as potentially destabilizing the relationships between members, the report stated.
Defending against such attacks requires both technology efforts and policy measures, says Chatham House's Unal.
"The fundamental approach here is to focus on risk-reduction frameworks and applying them within the supply chain, command, control and communication systems," she says. "It is important to note NATO uses layers of security to protect these systems. Hence, even if an attacker is able to breach a node in the system, this would not necessarily mean they could infiltrate the critical nodes."
In addition, NATO and the governments on whose technology the group relies, needs to look to their supply chains, Unal says.
Nations are already attempting an end run around certain types of attacks. In 2016, China launched its Micius satellite, which is expected to allow communications protected by quantum cryptography.
At the other end of the spectrum, while technology is being used to defend against attacks, others are looking to find ways to work when technology fails as preparation for the worst, IOActive's Sheehy. Military academies, for example, continue to teach cadets to use sextants for navigation.
"The concern will always be there to some extent," says IOActive's Sheehy. "So they are finding ways to make the operator to have the capability to work with a reduce information flow."
Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.