It’s hard to imagine our everyday lives without the unnoticed presence of satellites hanging so far away in airless space. Things that we take for granted, such as GPS tracking, Internet and mobile connectivity, weather forecasts, TV channels, IoT devices, and even electrical grids – all these are working with the help of satellites. Also, let’s not forget fascinating high-resolution photographs and amazing space observation capabilities.
Just like computers on the ground are connected, so are satellites connected to ground software and hardware systems, delivering the much-needed information and signals daily. However, such constant connectivity also means that satellites are prone to cyber-attacks. The devices that are far away in space are much more difficult to maintain and update; that’s why it’s not impossible to fiddle with their operations and data. A satellite attack might have a ripple effect, causing huge financial losses and data theft in many areas. Let’s review the most common cyber vulnerabilities in satellites and see how it might be possible to tackle them.
Satellites are constantly sending and receiving data by design. Security engineers’ first and foremost concern is that it is challenging to patch software on satellites from a distance. To boot, weak encryption and hardware might get quickly outdated but keep operating for years. As a result, there are always some vulnerabilities to mitigate.
How to improve threat visibility within such a network? Vendor-agnostic detection rules powered by SIGMA might be a solution to identifying threats across different assets and their software versions. Visit https://socprime.com/blog/sigma-rules-the-beginners-guide/ to find out how to create such rules. Furthermore, tools like Uncoder.IO will instantly translate search queries and other detection content into a vendor-specific format for SIEM, EDR, and XDR platforms. However, there’s more to satellites than meets the eye.
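A vendor-agnostic rule of the kind described above, as an added example that is not from the original article, SOC Prime, or the Sigma project: a Sigma-style detection (selection, filter, condition) is evaluated by a minimal Python matcher, not a real Sigma backend, against constructed login events from two hypothetical products (`siem_a`, `edr_b`) whose field names differ. The rule content, the `gs-op-` account prefix, and the management IP ranges are assumptions.

```python
# Added illustration; the rule, field names, products and events are all constructed.
RULE = {
    "title": "Ground station operator login from outside the management network",
    "detection": {
        "selection": {"event_type": "login_success", "user|startswith": "gs-op-"},
        "filter_mgmt": {"src_ip|startswith": ["10.20.", "10.21."]},
        "condition": "selection and not filter_mgmt",
    },
}

# Generic rule field -> field name used by each (hypothetical) product.
FIELD_MAPS = {
    "siem_a": {"event_type": "action", "user": "account", "src_ip": "source_ip"},
    "edr_b": {"event_type": "EventName", "user": "UserName", "src_ip": "RemoteAddress"},
}

OPS = {  # small subset of Sigma value modifiers; "" is plain equality
    "": lambda actual, want: actual == want,
    "startswith": lambda actual, want: actual.startswith(want),
}

def field_matches(event, key, expected, field_map):
    """Match one 'field|modifier' entry; list values are OR-ed, case-insensitively."""
    name, _, modifier = key.partition("|")
    value = event.get(field_map[name])
    if value is None:
        return False
    wanted = expected if isinstance(expected, list) else [expected]
    return any(OPS[modifier](str(value).lower(), str(w).lower()) for w in wanted)

def rule_fires(rule, product, event):
    """Evaluate the condition (and / or / not, no parentheses) against one event."""
    detection, field_map = rule["detection"], FIELD_MAPS[product]
    hit = {name: all(field_matches(event, k, v, field_map) for k, v in sel.items())
           for name, sel in detection.items() if name != "condition"}
    def term(t):
        return not hit[t[4:].strip()] if t.startswith("not ") else hit[t]
    return any(all(term(t.strip()) for t in clause.split(" and "))
               for clause in detection["condition"].split(" or "))

EVENTS = [  # constructed sample events from the two hypothetical products
    ("siem_a", {"action": "login_success", "account": "gs-op-anna", "source_ip": "10.20.4.7"}),
    ("siem_a", {"action": "login_success", "account": "gs-op-anna", "source_ip": "203.0.113.50"}),
    ("edr_b", {"EventName": "LOGIN_SUCCESS", "UserName": "GS-OP-raj", "RemoteAddress": "198.51.100.9"}),
    ("edr_b", {"EventName": "login_failure", "UserName": "gs-op-raj", "RemoteAddress": "198.51.100.9"}),
]

def alerts():
    return [(p, e[FIELD_MAPS[p]["user"]]) for p, e in EVENTS if rule_fires(RULE, p, e)]
```

The single rule flags the operator logins from outside the management ranges in both products, while the in-range login and the failed login stay quiet.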
Cyber-Attacks on Satellites
Prior to every satellite’s launch, it must undergo thorough testing. Every little piece of technology, including communication protocols, encryption, and operability, gets approved. It’s also necessary to make sure that different solutions do not contradict each other and do not interfere with critical system functions. However, once the satellite is in orbit, it’s impossible to send it back and forth to the Earth for installing updates. It stays in space for a while.
It’s technically possible to attack the communication systems and hijack control of the satellite from the Earth. However, this requires significant resources that, most likely, only a nation-state possesses. Researchers say it’s much easier to attack an operating base on the ground. A simple spearphishing attack can give access to credentials and make it possible to enter the system and exfiltrate data, perform reconnaissance, or encrypt data and demand a ransom. Because ground systems are connected to both the Internet and the satellites, there is no need to breach the satellites themselves. The whole broad range of modern malware can potentially be planted onto satellite operations systems through social engineering, code injection, or cross-site scripting. Denial-of-service attacks can also be performed this way. Ground Stations-as-a-Service infrastructures are even more vulnerable to cyber-attacks due to the use of open-source software.
Andy Davis, director of transport security at the NCC Group, warns that the rapidly developing small satellite sector is prone to security breaches. Cyber-attacks are becoming more likely because the investment needed is decreasing, thanks to cheaper Commercial Off-the-Shelf (COTS) hardware, open source software, and new efforts like Ground Stations-as-a-Service. He argues that there has been, and will be even more of, a rise in the attack surface of assets in orbit and their associated ground-based support infrastructure.
There are two main targets: the ground station infrastructure and the commercial off-the-shelf (COTS) hardware and open source software used on board satellites. The ground-based infrastructure will be the most vulnerable since it will be run by humans and connected to the internet more so than computers. Despite the possible increase in the number of small satellites being launched over the next few years, some in the satellite business are hopeful about the sector’s ability to continue to ward off cyber-attacks.
Clifton thinks the satellite business is highly concerned about the danger. Also, he says, “considering the size and reaches of their fleets and the number of earth station access points, the small satellite constellations are potentially a larger target.” But then, people are keenly aware of the dangers of developing and deploying these technologies. They appear to be taking the threat seriously and putting safeguards in place. Whether security was designed into the systems from the start for the earth’s closest satellites or was added later to comply with regulations is probably a key factor.
New low-orbit constellations of satellites (LEO) have the potential to become an Internet backbone. Their operation principle is essentially similar to that of an interconnected network of routers, except these are not boxes in a server room connected with cables but satellites flying low above the Earth at high speed while exchanging data with each other and points on the ground. Continuous technical support and installation of updates are required to keep them working smoothly.
However, no matter how new the updates are, it is impossible to prevent cyber-attack attempts. Acknowledging cyber threats and understanding vulnerabilities unique to this type of digital asset will help shape and maintain a risk mitigation strategy. Disaster recovery playbooks need to embrace the probability of new and unknown attacks as well as have a well-defined strategy for remediating the most common threats.
At the moment, media outlets talk about national defense forces retraining personnel in satellite operations and network operations teams. Meanwhile, standards for cyber defense are rising and becoming more demanding in order to enhance the security posture. Developing hybrid networks is the latest “trend” in protecting satellites from cyber attacks. These networks are capable of executing various services in various orbits at different frequencies, giving opportunities for maintaining resiliency if a critical situation occurs. Commercial contractors call it “software-defined networking,” where different traffic types communicate over a variety of links to satellites in orbit and over a variety of terrestrial links as well. Luckily, with constellations of satellites like Starlink, a constant connection plays a vital role in cyber protection: even if one target experiences signal jamming, for example, it doesn’t affect the operation of the network.
Thank you for reading!