MilsatMagazine recently had the opportunity to engage in a conversation with Mr. Stremlau regarding satellites and security.
Through open standards and specifications, Trusted Computing Group (TCG) enables secure computing. The benefits of TCG technologies, according to the organization, include protection of business-critical data and systems, secure authentication and strong protection of user identities, and the establishment of strong machine identity and network integrity. Trusted hardware and applications reduce enterprise total cost of ownership and support regulatory compliance.
Through member-driven work groups, TCG enables the benefits of trust in computing devices from mobile to embedded systems, as well as networks, storage, infrastructure, and cloud security. More than a billion devices include TCG technologies. Virtually all enterprise PCs, many servers and embedded systems include the TPM; while networking equipment, drives and other devices and systems deploy other TCG specifications, including self-encrypting drives and network security specifications.
Components to implement TCG hardware specifications are available from a number of semiconductor vendors. Software and applications are available from many software developers.
The TPM 2.0 specification has been adopted as an international standard by the International Standards Organization / International Electromechanical Commission.
Networking gear and services supporting the Trusted Network Communications network security and access control specification are available from a number of vendors. And, self-encrypting drives based on TCG specifications are available from drive vendors in HDD, SSD, hybrid drive and enterprise storage formats with many available management software options. Today, all solid state drives are self-encrypting and are used in data centers at Facebook and other organizations. TCG is headquartered in Beaverton, Ore., with member companies located worldwide. TCG has two regional forums, in Greater China and Japan, to drive innovation and adoption of trusted computing in those regions.
Good day, Mr. Stemlou. What do you see as driving the increasing adoption of satellite technology within militaries, agencies or governments?
Digital connectivity demands have seen a significant rise in the number of satellites being sent up into orbit. This is not being done by private companies alone – satellite technology now plays a crucial role in military and government operations. Satellites are now key to gathering intelligence and carrying out surveillance, with highly sensitive data being communicated back to Earth constantly. Earlier this month we saw China launch an optical Earth observation satellite which will provide detailed reconnaissance imagery to the Chinese military.
Satellites now play an important role in ongoing military conflicts or concerning situations where tensions are rising, and can flag movements or redeployments in real-time. Satellites are also used for navigation and logistical purposes too, as well as land surveys and urban planning.
Through the use of satellite technology, militaries and governments are able to gather and communicate top- secret information without needing to be physically located in an area, a much safer option compared to putting lives at risk by being on the ground.
What role does cybersecurity play in a critical environment?
As governments, agencies and militaries send up an increasing number of data points into space, it is absolutely vital that they are secure. The use of satellites to gather and communicate highly sensitive data means space-based assets are a huge target for hackers looking to compromise sensitive information.
Due to the nature of the data that is collected, an inadequate approach to satellite security could result in devastating consequences. As space-based assets form vast important communications networks that are collecting and sharing rising amounts of data, one compromised satellite can bring down the whole network.
We have seen several attacks recently that targeted federal government networks and organisations, such as the SolarWinds Orion attack last year. By gaining access to the company’s widely used IT management platform, hackers were able to gain access to the systems of Orion’s customers, many of whom are government departments, and remained undetected for months.
Hackers were then able to install even more malware and gain access to more data. The increasing sophistication of cyberattacks means highly sensitive information can be accessed, but it is difficult to track or confirm exactly how much data has been compromised. If surveillance or intelligence information gets into the wrong hands, the consequences are incredibly serious and can affect national security.
What challenges must be overcome to secure the industries?
The size, scope and number of Earth station access points makes it challenging to ensure satellite security. A rise in Internet of Things (IoT) devices and interconnected networks mean that if one device or component is not protected, then a hacker can gain access to the whole network of connected devices. It is also crucial that data is protected across all stages of transmission.
Due to the isolation of space, it is vital that a level of trust is established between earth bound devices and satellites that lasts for the duration of the satellite’s lifetime. This not only guarantees security, but is also cost-effective as satellites do not need to be replaced or upgraded as quickly.
With the correct solutions and infrastructure in place, satellites will be able to handle upgradability in a secure way and maintain the mission critical aspects of a satellite.
Cyberattacks are becoming more common, with cybercrime up 600 percent due to the Covid-19 pandemic, according to the PurpleSec cyber security 2021 report, and sensitive data is a top target. The Space Development Agency Director, Derek Tournear, recently said that cyber and supply chain problems are common mode failures, so it doesn’t matter if there is one satellite or a thousand, an attack may have the ability to take them all.
By following industry standards and guidance, the entire satellite ecosystem can come together to reduce the risk of an attack and ensure that the best defence possible is in place.
What are the security solutions that militaries, agencies or governments must consider?
The good news is that, as satellite communications have advanced, so have the security solutions that protect them. With many organizations involved in and benefiting from satellite communications, it is important that the correct architectures, specifications and standards are followed to prevent cyberattacks.
Trusted computing technology must be used, as it ensures the trustworthiness of devices, device identity and security validity, acting as the building blocks to create secure systems.
Network security infrastructure allows for communications to be authenticated at every stage of data transmission that gets sent to the earth-bound devices, before it gets sent up to the satellite, acting as a firewall. Even with huge volumes of satellites and devices communicating, the satellite will ignore communication if authentication has not been successful.
By encrypting communication at the networking level, data is also protected when traveling across the satellite ecosystem.
We are also seeing a rise in supply chain attacks, with a 430 percent increase in supply chain attacks in 2020 according to research by Sonatype. This is a relatively new threat which must be accounted for, with important work being done by industry alliances to ensure guidance and specifications are in place to verify the integrity of equipment within a supply chain.
A satellite is the end product of a lengthy design and manufacturing process and militaries and governments must ensure the products they are purchasing are as secure as possible. If industry guidance is followed universally, the entire ecosystem will benefit from a new layer of protection against cyber threats.
What are the risks if satellite security is not taken seriously?
If satellite security is not a high priority, militaries and governments are opening the door for hackers to compromise incredibly sensitive data. In terms of secrecy, the data we are referring to is as top-secret as you can get.
Eavesdropping of intelligence, satellites being destroyed or rendered incapable and false materials being implemented into the satellite are all potential scenarios if security is not ensured. If a hacker, group or enemy nation were to intercept or access military or government satellite communications, information would be shared that could potentially endanger human lives.
Other risks include financial penalties, legal implications due to breaching data protection laws and wider, global damage if national security is compromised.
As satellites become even more widely adopted across the glove, how can these organizations protect against future cyberattacks?
Ultimately, security must be the first consideration when it comes to designing and manufacturing a satellite. It absolutely cannot be an afterthought. To ensure satellites are protected, technology solutions must be used that allow components to protect, self-identify and self- recover, with the ability to know when they have been modified or compromised.
It is crucial that the reliability and integrity of the network is guaranteed, otherwise governments, militaries and other agencies will face devastating consequences.