Space – the new frontier in cyber security
This year saw the 50th anniversary of the first man on the Moon. In that time, we have become ever more dependent on space for our communications and surveillance activities.
However, increasing geopolitical tensions mean there are ever greater risks to those systems. We have seen some states testing hit-to-kill interceptor missiles and conducting successful flight trials of anti-satellite missile systems, underlining the reality of the threat to critical equipment in space.
There are some signs that the UK government is recognising the need to respond, and the defence secretary has recently outlined an ambitious space programme for the UK. That includes the UK becoming the first formal partner in the US-led Operation Olympic Defender. This is a multinational coalition formed to strengthen deterrence against hostile actors in space, and is designed to mitigate the evolving threats faced by the UK in this area.
While there are significant kinetic threats in space, just as on Earth, there are even greater cyber security-related threats and it is important to note that these can come from outside the major state actors, with smaller rogue states developing attacks on satellites. These cyber-based attacks are much easier and cheaper to fund and action is needed to improve defences against them.
A particular vulnerability is that satellites are increasingly using software-defined functionality that can be reprogrammed in orbit. This means they need greater levels of technical security controls so they cannot be hacked for nefarious reasons. This is expensive, with some satellite companies now claiming they are spending more money on cyber protection than they do to operate the satellites themselves.
And it is not just the satellites, but more importantly the ground stations with which they communicate. These stations have terminals that constitute a critical vulnerability, as a terminal is an access point to a satellite and is often not protected by authentication in order not to hinder operational actions. Terminals run on software that itself can be compromised and require regular patching and upgrading.
The attack vectors include jamming of signals to provide a denial of service-type attack or the spoofing of information feeds from satellites. Such spoofing could be minor but significant – for example, misrepresenting geographical positioning information fed to driverless cars or precision guided munitions in times of conflict.
The importance of activities in space was underlined in a recent Chatham House research paper, Nato’s space-based strategic assets, which stated: “In the future, the use of emerging technologies, which includes artificial intelligence (AI), quantum-based cryptography, quantum computing and the development of space-based internet infrastructure, will define the future of warfare.”
A particular emerging issue is the higher number of satellite data exchange interfaces used between the military and civil sectors, for applications such as GPS. This has ramifications for the laws of armed conflict and raises the risk, or provides an excuse for those that want to attack them, that civilian capabilities used for military purposes qualify as legitimate military targets.
The Chatham House paper also highlights the specific threats which could result if a satellite-based network was attacked and a breach occurred, and sets out the countermeasures that should be adopted.
These are relevant for any satellite operator, not just Nato, and should leverage both technical countermeasures and recognise that hacks will occur, as well as build resilience into satellite and ground station operations by design.
That work should start with a clear assessment of the cyber maturity of the organisation, followed by action on the areas for improvement across people, process and technology. There should also be a focus on improving technical defences including creating backups such as terrestrial alternatives for guidance systems, or investing in quantum systems for secure communication. These provide a radical new way to encrypt information transmitted between satellites, making it more difficult to hack information.
Once the systems are in place, there is a need to carry out regular testing, with feedback and update, of how new attack vectors could cause compromise and of how quickly the organisation can recover from a catastrophic breach. That should include awareness of the increasing threats that are coming not just from denial of service or data loss, but deliberate and malicious data corruption over an extended period. This incremental activity is intended to cause the maximum confusion and loss of trust.
All this should be underpinned by training and education of all staff on the latest cyber threats, as well as the use of AI and machine learning to provide an early warning of unusual actions by staff, not just in the technical world, but the physical one.
The cyber threat to our activities in space is very real and the impact of a successful attack could be significant, making it critical that these countermeasures are put in place urgently.