Communications Satellites Are Vulnerable

Uploaded on 2019-07-11 in GOVERNMENT-Defence, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The US and its allies need to double down on the cyber-security of their satellites as space infrastructure becomes ever more integral to national security, according to a recent report ‘Cyber vulnerabilities strike at the heart of the key technologies in strategic doctrines and military planning’. 

The Pentagon and other western military forces rely heavily on space-based systems to guide weapons, gather intelligence and coordinate operations around the globe, but security gaps in their satellite infrastructure threaten to bring those functions to a grinding halt or worse, researchers at the London-based think tank Chatham House found. 

As adversaries like Russia and China ramp up their offensive cyber capabilities, they said the western world needs to lock down its space infrastructure against potentially crippling attacks. And in the meantime, “it would be prudent” for countries to assume their systems have already been infiltrated.

“If cyber threats are not effectively addressed, vulnerabilities in the strategic infrastructure could result in severe consequences for international security,” researchers wrote in a report published Monday 1st July. 

“There is an urgent need to study and address cyber-related challenges to strategic assets within NATO and its key member countries, particularly the cyber threat to space-based command and control systems.”
While researchers stressed the importance of space cyber-security for all NATO members, the US has the greatest foothold in space by far. 

According to the United Nations, the US currently has more than 1,900 satellites in orbit around the Earth. The second highest NATO member is France, with 127.

Because so many of the alliance’s global operations in both war and peacetime are coordinated through satellites, a cyber-attack against any individual system could potentially have huge downstream effects. Countries base their national security strategies on the assumption that their weapons, communications and other systems will perform as expected, but in today’s uncertain cyberspace, “this should not be taken for granted.” Though they didn’t point to any specific security holes, researchers said the alliance’s current space infrastructure is increasingly vulnerable to attack and those weaknesses “have not yet received the attention they deserve.” 

One major risk they highlighted is hazy line between commercial and military space infrastructure. Beyond the supply chain risk of buying satellites from private companies, the Pentagon and other NATO military forces often rely on commercial satellites to gather images and other data from space, the report said. 

Often these satellites aren’t built to the same strict security standards as their military counterparts, and they could be vulnerable to adversary attacks. Adversaries could also infiltrate control stations on the ground by exploiting employees at military outposts or private companies, researchers wrote.

“There is an increasing need to apply higher-grade military hardening and cyber protection specifications to civilian capabilities that have the potential to be used in support of military applications,” they said.

Given the exposure of their space infrastructure, NATO members should assume adversaries have already infiltrated their systems and invest in technology that could restore satellites in the event of an attack, according to researchers. 
Artificial intelligence and machine-learning tools could be particularly useful in spotting and responding to the latest threats, they added.

In the report, researchers also said NATO should invest in both cybersecurity as well as “active, persistent engagement” that could disrupt and deter attackers. 

‘Further planning needs to go into the integration of new technologies when securing satellites from cyber-attack. Aspirations in this area may include the ability for satellites to configure and fix themselves’. 

The report comes as the Pentagon prepares to delegate most of its space-based operations to the newly minted Space Force, which is expected to be up and running by 2020.

DefenseOne:         ChathamHouse:  

You Might Also Read:

Chinese Hack Breached US Satellites:

Robots Will Repair Satellites In Space:


 

 

« Police Forensic Firm Has Paid Ransom
US Electoral Infrastructure Is Wide Open To Hackers »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

IntSights

IntSights

IntSights is an intelligence driven security provider offering rapid, accurate cyberthreat intelligence and incident mitigation in real time

National Information Technology Development Agency (NITDA) - Nigeria

National Information Technology Development Agency (NITDA) - Nigeria

The National Information Technology Development Agency (NITDA) is committed to implementing the Nigerian National Information Technology Policy.

Niksun

Niksun

Niksun's forensics-based cyber security and network performance monitoring products provide customers with actionable insight into security threats, performance issues, and compliance risks.

Signifyd

Signifyd

Signifyd is the world's largest provider of Guaranteed e-Commerce Fraud Protection.

sayTEC

sayTEC

sayTEC's mission is to develop and deliver next-generation products and services in encrypted data and voice transmission.

Secure IT Disposals

Secure IT Disposals

Secure IT Disposals specialise in professional Computer Recycling, Computer Disposals, Computer Destruction, Data Erasure and end-of-lifecycle solutions.

PQShield

PQShield

PQShield are specialists in Post-Quantum Cryptography. We provide quantum-secure cryptographic solutions for software, software/hardware co-design and data in transit.

Key Cyber Solutions

Key Cyber Solutions

Key Cyber is an IT consulting firm that specializes in agile software development services, program management and infrastructure services, cyber security and cloud and managed services.

Foundries.io

Foundries.io

Foundries.io have built a secure, open source platform for the world's connected devices, and a cloud service to configure this to any hardware and any cloud.

TransUnion

TransUnion

TransUnion is a global information and insights company that makes it possible for businesses and consumers to transact with confidence.

Obsidian Security

Obsidian Security

Protect your business-critical applications by mitigating threats and reducing risk with Obsidian, the first truly comprehensive security solution for SaaS.

ECIT

ECIT

ECIT is your preferred provider of finance and IT services. We believe in the value of combining financial and IT services to streamline and improve the operation of your business.

ANSSI Burkina Faso

ANSSI Burkina Faso

ANSSI is responsible for managing the security of information systems and cyberspace in Burkina Faso.

Panoplia Digital Protection

Panoplia Digital Protection

Panoplia Digital Protection is a cutting-edge cybersecurity company that leverages the power of AI and ML to help businesses and consumers protect themselves against cyber threats.

JustunSecure

JustunSecure

JustunSecure is dedicated to promoting information technology and cybersecurity in Africa.

Creative Network Innovations (CNI)

Creative Network Innovations (CNI)

Creative Network Innovations is a leader in providing advanced IT and cybersecurity solutions.