SoS Musings #35 -
Better Secure Those Satellites
Satellites are human-built objects placed into orbit that enhance our lives in various ways, from sending television signals directly to our homes, to powering navigation systems such as the Navstar Global Positioning Systems (GPS), to monitoring weather. Earlier in the year, SpaceX successfully launched 60 Starlink satellites into orbit, bringing the total number of satellites launched by the company to 242 and making SpaceX the world's largest active satellite constellation. Other companies, including Amazon and OneWeb, are racing to put satellites in space as well. According to the NSR's (North Sky Research) "Small Satellite Markets Report, 5th Edition", over 7,000 additional small satellites will be launched by 2027. These satellites are expected to increase internet access in remote areas of the world, improve global navigation systems, and environmental monitoring. Global Navigation Satellite Systems (GNSS) encompass all the satellite navigation systems that provide Positioning, Navigation, and Timing (PNT) services with comprehensive coverage. If the GNSS were to suffer a significant outage for one day because of an attack, it would cost the U.S. an estimated $1 billion in damages as these systems support automation and safety, and maintain efficiency. Cybersecurity and policy experts have expressed concerns about the vulnerability of satellite systems to attacks by hackers which poses a significant threat to global security and safety. As the number of satellites increases, and nation-states and rogue actors increasingly target critical infrastructure, more attention must be given to the protection of these systems.
Studies have shown the impact that cyberattacks on satellites could have on safety and security. Ruben Santamarta, a principal security consultant at IOActive, gave a presentation at the 2018 Black Hat conference in Las Vegas, in which he brought attention to the vulnerability of popular satellite communication systems to cyber-physical attacks. These attacks pose a risk to the ships, planes, and military that use these systems to connect to the internet. Research conducted by Santamarta revealed that hackers could execute attacks aimed at turning satellite antennas into radio frequency weapons acting as "microwave ovens" to cause physical damage to electrical systems and possibly injure soldiers or passengers. The exploitation of security vulnerabilities contained by the software that operates satellite antennas could also allow attackers to interrupt, prevent, or alter satellite communications, as well as execute additional attacks against other equipment connected to the satellite network. In the military realm, such attacks pose a higher safety risk as they could be used to extract precise GPS coordinates of a satellite antenna, potentially leading to the exposure of the exact location of a military base. Chatham House, the London-based independent policy institute, released a paper titled "Cybersecurity of NATO's Space-based Strategic Assets" that emphasizes the possible execution of GPS digital spoofing attacks against satellite systems to interrupt the transmission of radio frequency signals or send fake messages. These attacks could be used by attackers to present false information, thus leading to confusion and redirection of military troops as well as the hijacking of autonomous vehicles and robotic devices. These studies suggest the need to bolster satellite security as the compromise of this technology by hackers could result in significant consequences.
There have already been incidents in which hackers took control of satellites. In 1998, hackers compromised the U.S.-German ROSAT X-Ray satellite, allowing the hackers to aim the satellite's solar panels at the sun, which resulted in the damage of its batteries. Hackers supposedly sponsored by the Chinese government were able to take control of two NASA satellites, Landsat-7 and Terra EOS, in 2007 and 2008. In 2018, Symantec revealed the detection of a hacking campaign launched by Chinese-state backed actors that aimed to hack two U.S. satellite companies and gain access to operational technology implemented to send commands to satellite systems. It essential to examine the different factors that contribute to satellite security breaches.
There are several contributing factors to the vulnerability of satellites to hacking. Brian Weeden, Director of Program Planning for Secure World Foundation, pointed out that satellites and their ground systems are just as vulnerable to same cyberattacks faced by other computer systems because they often run widely-used operating systems such as Unix or Linux in addition to some specialized software. Satellite-makers, especially those that build inexpensive miniature satellites known as CubeSats, use off-the-shelf technology. As the components used to create CubeSats are in hands reach of hackers, they can easily be examined for exploitable vulnerabilities that could allow attackers to take control of these satellites. Many of these components are also based on open-source technologies. The technical structure, launch, and management of satellites also rely on contributions from multiple manufacturers, which increases outsourcing, thus increasing the number of entry points for hackers. The complexity of satellite supply chains and management makes it difficult to determine which party is responsible if a satellite suffers a cyberattack, which impedes efforts to secure satellite systems. Also, as SpaceX, Amazon, and other companies compete to become the most powerful satellite operator, they are cutting costs to increase the speed at which satellites are manufactured. The increasing pressure to reduce costs leads companies to skimp on the implementation of cybersecurity measures when producing satellites. Cybersecurity standards and regulations for space assets such as satellites and their controls are also lacking. There needs to be an increase in efforts and research towards the improvement of satellite security.
Improving satellite security requires an increase in efforts in the realms of technology and regulation. An article published by Defense One discusses the efforts of researchers at the National Security Agency (NSA) to improve satellite cybersecurity by exploring the use of Artificial Intelligence to characterize unusual behavior exhibited by small satellites and to help determine whether adversaries have secretly compromised these satellites. According to the encryption solutions office of NSA's Capabilities Directorate, the NSA research team is also looking at how malware can be deployed to small satellites via a ground station to get a better understanding of the vulnerability of these devices to cyberattacks. The U.S. Air force is planning to launch the Infrastructure Asset Pre-Assessment (IA-Pre) program, which will function as a cybersecurity screening program for commercial satellite communications providers that involves third-party audits to verify compliance with NIST 800-53 cybersecurity standards. Studies conducted by researchers at Penn State University further highlight the dangers posed by unauthorized access or exposure of satellite data to national security and civil liberties, calling for the appropriate regulation and handling of this type of data by lawmakers, satellite owners, and operators. Efforts towards exploring and ensuring the cybersecurity of satellite systems must continue.