Cybersecurity Best Practice Is Critical for Winning the New Space Race

As the low Earth orbit market prepares to double over the next five years, to the tune of around $20 billion, we sit on the edge of a new space race. However, amid rapidly falling launch costs and a host of technological advancements, it's safe to say that this race is heading into new territory.

These digitizations relate to the role of sensors and data processing, and a plethora of applications that aid ground control and observation operations.

One segment of the race that is still yet to pick up speed, however, relates to cybersecurity. The implications of attacks on satellites are self-evident, but the resilience and protection of these galactical systems require further exploration and a mass team effort.

Familiarity in Space

The difficulties that come with protecting devices in space comprise multiple complex systems within systems — each playing different roles and being deployed by different players.

Satellites are effectively just platforms with embedded systems and interfaces, including radio communications, telemetry tracking control systems, and ground segment connections. These are all essentially enterprise networks, but that also makes them avenues of opportunity for cybercriminals.

These systems are underpinned by a complex supply chain — another prime target for attackers, as we've seen on the ground through examples like SolarWinds, where the supply chain served as a gateway to all other interfaces.

Not only does this make systems in space more familiar than you might think, it also makes them more challenging to defend.

As such, the satellite door is potentially being left ajar to hacktivists, financial crusaders, and state-acting spies who can use their significant resources to target other countries' prized space assets.

The "How" and "Why" of Space Attacks

Why attack space when there are systems on land?

The answer is twofold, based on how familiar these satellite platforms actually are, and what attackers stand to gain by infiltrating them.

Addressing the former, "under the hood" of a satellite is a platform. More often than not, the embedded system within that platform may be as recognizable as a Linux operating system. And while the operations of the satellites themselves have traditionally been bespoke to offset that vulnerability, that too is now changing, as the market becomes more commercialized and accessible.

Any good hacker or threat actor will be familiar with the operating system, and once administration rights are attained to the environment, access to cameras, orientation, and all other interfaces becomes much more plausible.

And this "how," leads to the "why." A case study from earlier this year saw an outage of the Viasat network across Europe, at almost the exact time Russian troops entered Ukraine. As well as being a commercial broadband provider, Viasat is also used by the Ukrainian military. On closer inspection, the main damage seemed to be collateral across the continent, as a result of a misconfiguration sent down to modems.

However, upon even closer testing of the memory chips from these modems, it was revealed that they had essentially been wiped out, akin to wiping the operating system from a PC. The most plausible theory is that attackers gained access to the internal management system through a misconfiguration, developed malware to deploy across the network to wipe the modems, and pushed that malware through on the day of the invasion. It wasn't the satellite itself that was being targeted — it was merely a portal to impact connections and operations on the ground.

Recognizable Defenses

This link between space and Earth is what makes cybersecurity advancements in this sector so critical. Satellites in themselves are fascinating and mysterious because of the technology behind them and their locations. But, more often than not, they're simply portals to information we're trying to acquire, monitor, or use to inform decisions down on the ground.

Yes, this makes their breaches more concerning, but on a positive note, it also means the response in terms of defense can lean on familiar processes and technologies used in more reachable areas of our lives.

For example, running trusted code from equally trusted sources can be achieved through Trusted Platform Module (TPM) chips, which we find in mobile phones. Novel encryption approaches that we use to defend enterprise networks could also be applied to the data equation to offset the risk of jamming, spoofing, or relay attacks. Segmentation and using zero-trust architectures are further examples of enterprise strategies, alongside stronger authentication protocols for users, to better protect ground stations.

And all of this must be backed up by enhanced supply chain security where software bills of materials (SBOMs) should become more common practice.

A Sprint and a Marathon

The space race is just that: a race. Just as the landscape has evolved rapidly in recent years, it will continue to do so moving forward, and scenario planning will form a big part of cybersecurity strategy to ensure better futureproofing than we've had until now.

We're on the precipice of a new space era, and have time to get these agile and adaptable best practices in place before the attack landscape evolves in tandem. Building systems that can withstand attacks, segment risks, and contain breaches needs to be a culmination of this more concerted testing and scenario planning.

But it can't be done in isolation. The space race is a relay — a team sport where information must be generated through collaboration. Not only will this ensure a speedier launch from the new starting line, but it will give this effort endurance as the sprint turns into a marathon over the years to come.