Cybersecurity in space
Recent reports state that there are more than 4,500 satellites in orbit today, and the trend is clear: these numbers are increasing quickly. Most of the satellites are used for communication purposes, which is where military applications fit. Others perform GPS/global positioning, observation and technology development.
Satellite data criticality
Apart from governments and organizations like SpaceX, there are plenty of commercial satellites as well. Knowing the main purpose of the satellites, it is not hard to classify the criticality of the data served by them as high. To complete the picture, critical infrastructure like pipelines, water and energy utilities depends on commercial satellites.
Because nations depend on these critical assets for their safety, security professionals have turned their attention in that direction. In the US, legislation has already been introduced to protect commercial satellites from cybersecurity threats, and with them citizens’ lives and livelihoods.
Security threats and vulnerabilities
It is not confidential information that government satellites have been successfully attacked, and the predictions are not optimistic: It is expected that hackers will become more aggressive against commercial satellites. The cybersecurity vulnerabilities in this technology are analogous to the ones found in the non-space sector, although space infrastructure is not as mature in the cyber-resilience area.
The US National Air and Space Intelligence Center (NASIC) defined four segments for cyber protection: space, ground, link and user; and listed relevant threats for each of them. It is not a big surprise that DDoS, malware, hacking, command intrusion and other well-known threats are found in the list.
It is high time for governments and industries to combine efforts to meet the space cyber-challenge, as it will be impossible without the appropriate technology.
A time-proven, four-step approach should be implemented: prevent, detect, respond and mitigate.
- Prevent: The main concept for prevention is a threat-based security-by-design approach that considers supply chain as one of the risks while integrating a secure development life cycle into the production environment.
- Detect: Nothing can be achieved without proactive monitoring, unified governance and policies incorporating managed access, and user and asset behavior scanning.
- Respond: The sector should also be ready to respond to threats once detected, and ensure reliability and availability via managed security events. With high service-level agreements and/or through AI-driven automation and orchestration, you can react as quickly as possible in the event of a cyberattack.
- Mitigate: Far from being the last priority, minimizing the impact of a cyberattack and guaranteeing the ability to recover quickly from a disturbance are critical for cost savings in a business where each day is a financial challenge.
All along this four-step approach, the cybersecurity program for space can use these already-established best practices:
- Assess the cybersecurity maturity of process, people and organizations
- Identify standards and frameworks
- Elaborate a cybersecurity strategy
- Evaluate the security posture of suppliers
An overall security strategy that includes supply chain providers in guaranteeing compliance and security levels is essential.
- Preventing unauthorized access to satellite and testing capabilities in Satellite Assembly, Integration and Test (AIT), and guarding against unwanted exfiltration of sensitive data that could harm your financial health or disseminate your IP secrets, is a challenge.
- Ensuring that remote access is authorized and verifying that sensitive industrial OT information is managed securely helps to avoid data exfiltration or loss. What’s urgently needed is cryptography in transaction processing to ensure confidentiality and integrity of data, and to encrypt data at rest (VM, DB, files, etc.) and in transit. The same goes for detecting intrusion, hacking or hijacking attempts in real time and stopping them. It is a matter of detecting and mitigating threats BEFORE they impact your IT/OT/IIoT environment. Space operations tend to be highly structured and predictable. That is why stepping up detection capabilities and automated, orchestrated and AI-driven response to attacks is highly efficient.
- Leveraging secure coding standards, verification and validation is equally important. For example, static and dynamic source code analysis tools should be run on flight-critical software. This will help to secure the equipment/onboard software in the satellite, as well as testing capabilities, whatever updates are made.
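The point above about structured, predictable operations can be shown with a plan-based check, given here as an added example that is not part of the original article: each logged telecommand is compared against the scheduled contact windows and the commands approved for each pass. The log format, station names and command names are constructed for illustration.

```python
from collections import namedtuple
from datetime import datetime

ContactWindow = namedtuple("ContactWindow", "station start end planned")

def t(hhmm):  # builds timestamps on the constructed sample date
    return datetime.fromisoformat(f"2024-05-01T{hhmm}:00")

# Constructed schedule and log; station and command names are hypothetical.
SCHEDULE = [
    ContactWindow("GS-NORTH", t("10:00"), t("10:12"),
                  {"PING", "DUMP_TLM", "SET_ATTITUDE"}),
    ContactWindow("GS-SOUTH", t("11:35"), t("11:47"), {"PING", "DUMP_TLM"}),
]
LOG = """\
2024-05-01T10:01:05 GS-NORTH PING
2024-05-01T10:05:10 GS-NORTH UPLOAD_SW
2024-05-01T10:50:00 GS-NORTH PING
2024-05-01T11:36:20 GS-EAST DUMP_TLM
2024-05-01T11:40:00 GS-SOUTH DUMP_TLM
garbled-entry
"""

def classify(ts, station, cmd, schedule):
    """Return None when the command matches the plan, else the deviation."""
    active = [w for w in schedule if w.start <= ts <= w.end]
    if not active:
        return "outside any scheduled contact window"
    assigned = [w for w in active if w.station == station]
    if not assigned:
        return "station not assigned to the active window"
    if not any(cmd in w.planned for w in assigned):
        return "command not in the approved plan for this pass"
    return None

def detect(log_text, schedule):
    alerts = []
    for line in filter(str.strip, log_text.splitlines()):
        try:
            ts, station, cmd = line.split()
            reason = classify(datetime.fromisoformat(ts), station, cmd, schedule)
        except ValueError:  # wrong field count or bad timestamp
            reason = "unparseable log entry"
        if reason:
            alerts.append((line, reason))
    return alerts

if __name__ == "__main__":
    print(*detect(LOG, SCHEDULE), sep="\n")
```

Because the plan is known in advance, the check needs no training data: anything not explained by the schedule is an alert, including log entries that cannot be parsed.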
The diagram shows the building blocks of this overall strategy.
As Satellite AIT means and processes become more and more digitalized, the attack surface exposure expands as well. This requires the AIT to be secured against external threats such as DDoS attacks.
Servers and IoT/OT endpoints have to be protected against malicious code and spyware. Infections have to be detected as early as possible to save costs. This level of infrastructure protection against external threats can be achieved via a wide range of perimeter and platform security-by-design and managed security operations, including:
- DDoS/next-generation firewalls
- Endpoint protection
- IPsec tunnels
- Zero-Trust networks
A four-step approach like this would go a long way toward securing satellite data and the critical infrastructure that runs on it. Next time you look at the sky, picture all the data streaming back and forth between the Earth and thousands of satellites. Life today depends on that data. It’s worth securing.