By Geoff Pierce, Chief Information Security Officer, Centauri
With 5G finally starting to roll out across the country, the anticipation for new IoT applications continues to build. With that anticipation also comes some hesitancy: How will our increasingly connected world handle new and evolving security threats? While many are focused on network, smartphone, sensor and cloud cybersecurity, this article will examine the under-reported, high-stakes work being done by both government and industry to ensure that satellite technology is capable of fending off attacks both in orbit and on the ground.
The cost of space components has dropped precipitously over the past decade: 10 years ago, the average satellite cost upwards of $500 million to develop and launch; today, those costs are usually measured in the tens of millions. This decline has been a boon to agencies and companies launching satellites into orbit on a regular basis. Because satellites are cheaper to manufacture, however, some organizations may feel less inclined to invest heavily in security features because losing a few satellites to an attack won’t impact the bottom line as much as developing and installing a sophisticated cybersecurity system. Of course, this myopic approach fails to account for the shared environment that is the Earth’s orbit. There are currently more than 20,000 objects orbiting the planet (most of them are space junk), and with companies like SpaceX already launching new mega-constellations of satellites, that number will increase 10-fold within the next few years, with many of these new satellites cross-communicating with each other to navigate and avoid collisions. Much like how vaccinations provide herd immunity to humans against a virus, satellite companies must invest in cybersecurity systems to ensure that one breach does not risk impacting hundreds of other satellites.
All these new satellites in space will also be capturing, storing and sharing data. Unlike NASA and other government agencies that have been pioneering space travel for more than 50 years, many of these new private companies are experiencing their first forays into orbit. These new satellites will be packed with high-performance cameras and sensors to gather information, armed with AI and machine learning technology to coordinate activity and perform data analysis, and powered by novel propulsion systems that promise longer mission duration. For an enterprising hacker, any one of these technological innovations represents a potentially vulnerable attack vector. As smart satellites begin capturing and transmitting an increasingly large share of data, leaders in the space industry must make securing data storage and transfer a top priority.
The vast majority of these new satellites will operate in low Earth orbit (LEO), like those currently used for taking pictures and making weather predictions, and as a result, they will be more vulnerable than those in geosynchronous (higher) orbit. LEO satellites travel much faster in relation to Earth’s surface, which means that operators have shorter windows of connection, making monitoring and rectifying security issues that much more difficult. Not being able to get in contact with satellites becomes an even more complicated issue given that ransomware is one of the biggest threats facing space tech. Not only do ransomware attacks put proprietary data in danger, but there’s also a possibility of hackers carrying out “cyber-physical” attacks, turning the satellites themselves into weapons against other items in space or targets on the ground.
Organizations generally face the most risk when launching a payload to a satellite that is out of sight. Because they only have a connection to an LEO satellite for minutes at a time, they’re often not able to monitor the delivery as they would be able to if it was in geosynchronous orbit. In worst-case scenarios, bad actors could actually hack into the transmission process and spoof a “mission success,” giving the satellite team false results.
There are a few steps companies can take to find effective solutions to these challenges. On the communications side, employ end-to-end encryption systems whether satellite-to-satellite or satellite-to-ground. While encryption shouldn’t be the only line of satellite defense, it is a good start. Companies are also beginning to implement on-orbit reprogramming – where an operator can update the software remotely from Earth, to extend the life of the orbiting satellite – which has the potential to save millions of dollars, reduce space junk and more quickly fortify a satellite from possible attacks. From the software side, it’s important for organizations to incorporate secure development best practices into their satellite and ground system development processes. We are also beginning to see a move towards space virus scanners. While this technology isn’t widely used yet, it’s great to see that organizations are thinking of ways to move the needle when it comes to satellite security.
Lastly, organizations should be more diligent throughout the space supply chain to avoid incorporating counterfeit off-the-shelf components, which can make satellites vulnerable even before leaving the planet. Not many people think about satellite security beginning during the manufacturing process, but it’s one of the most important steps to protect to ensure confidence in the end product.
In 2019, we take many of the benefits provided for us by satellites for granted – it’s unlikely you’ve marveled recently at GPS’s ability to guide you directly to your destination, your weather app’s ability to forecast afternoon rain showers, or your smartphone’s ability to place calls on a country road. However, as IoT-driven sensors and 5G become more ubiquitous and as companies continue their mega-constellation initiatives by launching thousands of satellites into space, the increased connectivity between all these devices will present new and evolving security concerns. Those at the forefront of the space industry must make protecting their satellites with advanced cybersecurity solutions a priority as we continue our technological expansion into Earth’s orbit.
About the Author
Geoff Pierce is the Chief Information Security Officer at Centauri. He joined the company in 2005 to oversee the implementation of Centauri’s personnel security information management system. He has developed and matured proven, practical approaches to cybersecurity that have scaled to support small, medium and large businesses. Previously, Geoff served as an engineer and project lead at AT&T Government Solutions and on the operations team at Lockheed Martin. Geoff can be reached on LinkedIn and at our company website centauricorp.com.