Cybersecurity & The New Space Race

Promotion

While the term “space age” may have once conjured images of an “out there” intergalactic realm of spinning satellites gathering data – a world largely disconnected from our daily lives – times have changed. Satellites and terrestrial networks are nearly fully integrated, from telecommunications to GPS to reliable internet access in remote communities around the world.

In 2023, the space age is deeply connected to everything we do on land. How will this impact cybersecurity? According to Danny Palmer in an article for ZDNET, “satellites and space-based services that they provide are crucial to how we operate as a modern society.” A recent World Economic Forum article predicted that “future generations of smartphones…may well have satellite messaging capabilities for emergency communications where there is no terrestrial connectivity.”

The challenges faced by cybersecurity are no longer out of this world or even out of reach. They are stitched into the fabric of our daily routines, creating significant challenges for cybersecurity that Palmer predicts are, along with space-age technological innovations, “likely to grow.” If “cybersecurity in space is going to be arguably more important than it is on Earth,” how are industries and governments responding, and what does it mean that ensuring the security of the new space race may happen on the ground, and not in the sky?

Unique Vulnerabilities For Satellites

Until a decade ago, satellites weren’t launched by private companies, and the space race was largely the domain of governments, as well as a few select companies like Boeing and others, which were tightly contractually regulated. Computers and networks were not a part of the average person’s daily life, but now, appliances, laptops, smart watches, and other devices with connectivity are sold in the private sphere and used widely.

The explosion in private investments in space satellites and space technology from the commercial sector (Elon Musk, Jeff Bezos and Richard Branson, for example) has changed the cybersecurity landscape, creating unique and complex vulnerabilities. The complicated security aspect is often overlooked as there are no evolving standards nationally or internationally. Whereas satellites historically received data like TV signals from Earth and then amplified and mirrored them back to Earth, software-defined satellites can be reconfigured in space. While this increases vulnerability, it also means dynamic responses can be designed to respond to emergent threats.

Satellites are “more vulnerable than people realize,” according to an article by Brandon Bailey. As satellites have become “more digitized and software-driven, the attack, surface has expanded.” Just like the internet of things (IoT), an expanded surface area means more security risks, and satellites are a combination of embedded hardware and software operation in the physically isolated environment of space, which is already challenging to monitor or regulate. The more devices originate from more diverse sources, the more chances for sabotage. The fallout from an attack could be substantial and catastrophic. For example, blocking communications with a satellite could cut off vital communications and essential services – knocking out the electrical grid, for example, or allowing hackers to infiltrate other critical infrastructures on the ground, creating havoc and conflict on a wide scale.

As noted in IDST, because “the supply chain for hardware and software is depending on multiple component parts,” it makes security liability particularly complicated, especially when some of those parts are purchased overseas from different suppliers. “Where do the roles and responsibilities of hardware manufacturers, software developers, satellite manufacturers, operators and commercial users begin and end?” This will be an ongoing question as the space race develops.

Cyber-Resilience: The New Cyberecurity In Space

In addition to considering the traditional cybersecurity protocol of identity, protect, detect, recover, and respond, the new “cyber-resilient” definition also includes the ability to adapt, withstand, recover from, and adapt to stressors, attacks, or system compromises, some of which haven’t been seen before and cannot be anticipated until they occur.

Specifically, true cyber-resilience on spacecraft might require AI and/or other kinds of machine learning to build this necessary resilience.

Brad Stone, Booz Allen Hamilton’s CIO, states that, “for space cyber defense, you need to understand the mission, the ecosystem, and what threats make this environment different – whether in the systems themselves or the processes used to manage those systems.” A few points of emphasis: “location matters” as defense and intelligence space systems gather information using geographical coordinates. All connections within the “ecosystem” of satellites, ground systems, control centers, and connected devices must be checked, in addition to “ageing” software that leave potential weakness in supply chains and leave satellite systems open to attack; finally, jamming (OT attack) and pinging an uplink antenna (IT attack) – both strategies that attack the ground systems and not the satellites themselves – are an ongoing threat.

An article published by the World Economic Forum asks, “Will the battle for space happen on the ground?” This seems to be the most likely scenario, as space services have become more and more interdependent with networks on Earth. These services “support essential services such as military, utilities, aviation and emergency communications, and therefore get drawn into geopolitical conflicts on the ground. This was evident in February 2022, just as the Russian invasion of the Ukraine began, when satellite modems required a hard reset to repair compromised satellites in order to deliver vital communications to Ukrainian refugees in Slovakia.

According to RUSI (The Royal United Services Institute; the UK’s leading defense and security think tank), “It does sound a bit ‘Star Wars’ to say, but if you were to take control over a satellite, you could make it do what you want it to.”

Other threats include the possibility of planting an APT (Advanced Persistent Threat) into a satellite. Although anti-satellite weapons (ASAT) are limited in scope, with a handful of countries having orbital space capabilities, they remain real threats. In addition, regulatory frameworks have been unable to keep pace with technological evolution; hardware and satellite manufacturers, software developers, operators and commercial users must be in sync and close communication to offset cyber vulnerabilities. In other words, “security by obscurity” is no longer an option, because “as space systems have continued to grow in complexity, they are often perceived as a “black box” of poorly understood but interconnected space cyber. As private companies are increasingly involved in space technologies, the risk for criminal cyberattacks increases as well.

What Is The Role Of The U.S. Space Force?

The same cyber considerations that impact the private sector are also concerns for the Space Force, the United States’ new service about to enter its fourth year. To date, the military is one of the leaders of cybersecurity in space, planning initiatives across the space community to address cybersecurity for space systems, even in light of the absence of approved cybersecurity standards in this particular realm. With the goal of creating what’s known as “peace in orbit,” the new U.S. Space Force department is dealing with a primary battlespace that is not material, but digital, according to Josh Luckenbaugh, writing in National Defense.

Space Force, still only four years old, is concerned with how to assess cyber risks, as well as anticipate and prevent them in an ever-evolving environment. Lt. Gen. Stephen Whiting, quoted in an article from Space News, states that “the military is more comfortable dealing with physical security threats, whereas cybersecurity is a different problem that requires a nontraditional approach.” In order to increase knowledge of how to measure cyber risks, the Space Force is investing in defensive approaches to cybersecurity, versus just waiting to respond. Whiting goes on to explain that “the Space Force is now looking to add more squadrons of cyber specialists to support military units that operate communications, surveillance and navigation satellites.” Russia’s tactics in the Ukraine, when in February of 2022 they attempted to penetrate Ukrainian communications satellites in advance of the invasion underscore how these cyberweapons in space could be used to do terrible damage before, during and after on the ground conflicts.

Space Force operators recently participated in a new training exercise called “Black Skies,” overseen by STARCOM (Space Training and Readiness Command); this exercise allowed operators to experience “a mix of live fire and constructive” training. An upcoming “Red Skies” training will focus on orbital warfare to train soldiers on combatting threats in space, followed by other trainings to improve readiness and future cyber-resilience.

Cyber professionals have been commissioned directly into the Space Force industry, so one light at the end of this cybersecurity tunnel is yet more employment opportunities in the field of cybersecurity for trained professionals. Space Force will also seek to collaborate with industry partners, “setting up a commercial front door at Space Systems Command.”

See What CYRIN Can Do

At CYRIN we know that as technology changes, a cybersecurity professional needs to develop the skills to evolve with it. We continue to evolve and develop solutions with “hands-on” training and our courses teach fundamental solutions that integrate actual cyber tools from CYRIN’s labs that allow you to practice 24/7, in the cloud, no special software required.

These tools and our virtual environment are perfect for a mobile, remote work force. People can train at their pace, with all the benefits of remote work, remote training, and flexibility. Cyber is a team effort; to see what our team can do for you take a look at our course catalog, or better yet, contact us for further information and your personalized demonstration of CYRIN


Take a test drive and see for yourself!


You Might Also Read: 

The Back Door Threat To Cybersecurity:

 

« European & American Hackers Attack China
Cyber Security Strategies Need To Evolve Alongside The Enterprise »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

IX Associates

IX Associates

IX Associates is a UK based IT Integration business specialising in risk, compliance, eDefence, and network security solutions.

SecWest

SecWest

SecWest is the organizer of CanSecWest, PACSEC, originator of PWN2OWN, security auditing, and virtual engagement/training.

Howden Broking Group

Howden Broking Group

Howden provides a range of specialist insurance solutions to clients around the world including Cyber Liability insurance.

KoolSpan

KoolSpan

KoolSpan’s security and privacy solutions address the growing threat of loss or theft of intellectual property, information, and proprietary assets.

cPacket Networks

cPacket Networks

cPacket’s distributed intelligence enables network operators to proactively identify imminent issues before they negatively impact end-users.

Securicon

Securicon

Securicon provides expert consulting for application, system and network security.

FRSecure

FRSecure

FRSecure is a full-service information security management company that protects sensitive, confidential business information from unauthorized access, disclosure, distribution and destruction.

Polish Centre for Accreditation (PCA)

Polish Centre for Accreditation (PCA)

PCA is the national accreditation body for Poland. The directory of members provides details of organisations offering certification services for ISO 27001.

Titans24

Titans24

Titans24 is a Software-as-a-Service security platform for web applications. It prevents attacks on business websites that are protected under 11 cyber-security layers.

Carson McDowell

Carson McDowell

Carson McDowell are one of Northern Ireland's leading law firms. We are the law firm of choice for many of Northern Ireland's Top 100 companies as well as international companies doing business here.

QuoLab

QuoLab

QuoLab empowers security professionals to analyze, investigate and respond to threats within an integrated ecosystem.

Arqit Quantum

Arqit Quantum

Arqit's mission is to use transformational quantum encryption technology to keep safe the data of our governments, enterprises and citizens.

Zilla Security

Zilla Security

Zilla combines identity governance with cloud security to deliver comprehensive access visibility, reviews, lifecycle management, and policy-based security remediation.

American Technology Services (ATS)

American Technology Services (ATS)

American Technology Services provides unparalleled services in information technology to support small and mid-sized business. From top-level strategy, to managed services and infrastructure support.

ThrottleNet

ThrottleNet

ThrottleNet provides world-class managed IT services and cybersecurity to organizations in St. Louis and throughout Missouri.

ERCOM

ERCOM

Ercom, a subsidiary of the Thales Group, is a French company known for its mobility security solutions.