Society’s demand for space-based data has fueled growth in the space industry, with 10,000+ satellites in orbit. On top of all that hardware grows an even faster network of interconnected data, software, and mesh networks, working in concert with other connected devices to converse and compute.
The data exchange in space presents a near-infinite number of attack surfaces. And with society’s data, infrastructure, and national security interests increasingly intertwined with space-based data, cybersecurity vulnerabilities have emerged.
Consequences: The growth of data exchanges and attack surfaces on space networks has provided malicious actors ample opportunities to jam, spoof, hijack, or deploy ransomware on systems.
Beyond the business implications of a compromised device (e.g., loss of revenue), the cost of failure of a security breach touches national security, transportation, energy, and all the economic systems that depend on a satellite or constellation for operations.
Trends we are following:
- Interconnectivity: The world is moving to billions of connected users and devices; eventually, everything from power grids to smart roadways to iPhones will be connected via satellites.
- Cost of failure: Our economy, agriculture, transportation, energy, and national security depend on space-based data.
- SWaP constraints: Size, weight, and power constraints curtail the volume of onboard cybersecurity.
- Bad actors: Adversaries see unprotected space systems as a way to cause mass disruption on Earth.
- Microprograms: The growing volume of satellite multi-tenant programs increases the risk of cyberattacks and necessitates security at the data level.
- The Pentagon: Given the sensitive and mission-critical nature of national security satellites, any lapse in data flow could endanger our warfighters.
- While hardware-based encryption has been the norm for years, the encryption only protects data over a small portion of its journey and relies on keys that are challenging to change, making recovery from a breach difficult.
- With data moving across different networks, boundaries, and constellations, the Space Force has been investing in software-based encryption to fill in the gaps.
Cyber warfare:
As traditional battlefields evolve, cyber-attacks have become an increasingly popular weapon for state actors, who can unleash asymmetrical attacks on critical space assets and communications.
The US has been sounding the alarms, warning satellite operators that bad actors can breach systems and steal sensitive data and tech.
Russian cyber attacks:
- Viasat: Russia began its invasion of Ukraine by attacking Viasat’s KA-SAT satellite network
- The day troops invaded the country, Russia infected Viasat modems with a malware update, cutting service to tens of thousands of Ukrainian customers.
- Starlink: As the invasion unfolded, Russia stepped up its cyberwarfare campaign to include the Starlink network.
- On March 5, 2022, Musk tweeted, “Some Starlink terminals near conflict areas were being jammed for several hours at a time. Our latest software update bypasses the jamming.” Russian forces were jamming radio frequencies by sending up signals stronger than terminal ones, interfering with satellite transmission. Later that month, Musk also reported Starlink hacking attempts.
Chinese cyber threats: US intelligence has determined that along with jamming capability, China is building tech capable of hijacking satellites, which could disrupt the Pentagon’s surveillance, missile tracking, and military comms abilities. Leaked CIA documents warned that these cyber weapons are more sophisticated than those used by Russia.
Defending against cyber threats:
Satellite operators have traditionally protected their cyber assets with Type-1 NSA-certified encryptor boxes and off-the-shelf cybersecurity solutions that provide basic and necessary protection in the form of 2-step authentication, VPN, firewalls, etc. However, these legacy defense mechanisms generally only provide protection for a fraction of the data’s journey.
To ensure secure systems, many operators are moving beyond network-level security measures and protecting information at a data level.
Zero trust architecture: This is where zero-trust comes in. In a zero trust architecture, all traffic and users, irrespective of their origin—internal or external—are treated as potential threats. Decentralized security and cryptography are employed to ensure that each data record is secured individually. The data remains safeguarded even if there’s a security breach at the network level.
Zero trust architecture includes:
- Rapid rotation of encryption keys.
- Endpoints that can dynamically and securely negotiate keys with each other on demand.
- Even if an intruder manages to access the network or the keys, the locks can be swiftly changed, rendering the data inaccessible.
The security solution directly protects data rather than defending at a broader network level,
Final thoughts: The push for enhanced space cybersecurity is driven by growing concerns over the proliferation of attack surfaces and the resulting national security and business vulnerabilities. Despite this urgency, the adoption process faces challenges from limited budgets in startups and hesitation to adopt outsourced solutions.
We dive into all of it in our Space Cybersecurity and Zero Trust report, which you can access here.
