One model for the cutting edge of the space industry is putting terrestrial IT in orbit—but with the ground-based tech, such as internet connectivity, edge computing, and cloud services, come ground-based problems—more vulnerabilities for cyberattack.
“More compute is going to create more threats,” Marc Kneppers, VP of R&D at DISC, a Canadian cybersecurity company, says of this trend. “This has always been the lesson of IT: more code is more bugs is more security flaws…There’s no way this doesn’t end up with more security exploits in space.”
Kneppers has an answer: With funding from Canada’s military, his team has developed an intrusion detection system called eClypse, a paperback-book sized piece of hardware designed to attach to a spacecraft and monitor it for unauthorized access. After extensive lab testing, DISC wants to put it on an actual satellite for in-orbit testing.
eClypse is designed to monitor the satellite as an independent system that can’t be compromised by an attacker, giving operators early warning of a breach and the time to extract data and protect their systems.
Problem set: Most satellites aren’t designed to share cybersecurity-relevant telemetry with users on the ground, and many operators focus on securing their ground stations to prevent access to satellites. A survey of satellite operators in 2023 found many were unaware of standard cybersecurity practices.
There’s no public evidence of any satellite being hacked maliciously on orbit—at least, not yet. More connectivity, the use of standard software architecture instead of bespoke aerospace code, and more reliance on the generic tech supply chain all mean more opportunities for hackers. A live satellite was hacked during the Hack-a-Sat 4 contest last year.
It’s not just a fear of denial of service attacks like those launched by Russian hackers during the invasion of Ukraine. There are also concerns about the integrity of both information collected in space and data that’s just passing through in orbit—nobody wants sensitive data used for decision-making to be spoofed or stolen.
