In February of 2022, Russian government hackers launched a cyberattack on U.S. satellite company Viasat, disabling communications in Ukraine just prior to its invasion of the country.
The European Union referred to this attack as one of the most significant hacks of space equipment to date and it illustrates the vulnerability of essential technology in the new warfare domain of the 21st century.
With satellites facilitating everything from command and control (C&C) to positioning, navigation and timing (PNT) in defense arenas, as well as communications, information distribution and other critical civilian operations, satellite constellations represent one of the first targets in a multi-domain conflict fought with conventional forces, online and increasingly, in space.
This comes as increasing cyberattacks are targeting critical infrastructure operations and threatening broad economic impacts.
With the space industry projected to reach $1 trillion in annual revenue by 2040, effective cybersecurity practices must be put in place to ensure the safety of space operations.
Thanks to modernized systems engineering and advanced design techniques, satellite companies are taking a page from the nuanced DevSecOps approach of software design and applying it to the space domain, baking in the resiliency needed to withstand sustained cyber assaults orchestrated by an adversarial nation-state.
However, as we saw at this year’s Black Hat security conference, Starlink terminals were vulnerable to a cyberattack with $25 worth of Commercial Off-The- Shelf (COTS) parts, the barrier to entry for potential attackers remains startlingly low when compared with the potential damage they can inflict.
This is nothing to say of the legacy satellite infrastructure that is still on-orbit and was developed at a time when U.S. supremacy in space was inherent and potential cyber intrusions were not a concern.
Protecting our satellite constellations will take a combination of technical resilience, collaboration between public and private sectors, legislative and regulatory updates and another realm of cyber awareness.
How a Cyberattack Can Occur in Space
Satellite operations — similar to laptops, smartphones or any other widely used technology — are built on memory, compute and communications infrastructures that rely on microelectronics and circuitry, and are increasingly connected to the internet.
Like those other devices, satellites and their ground operations have the potential for network vulnerabilities for bad actors to exploit. If an attacker were able to deploy a phishing or ransomware attack to gain access to the network of terrestrial-based stations communicating commands to a satellite constellation, it could take over access and issue commands to alter a satellite’s telemetry, control, memory and content. The result would be catastrophic.
As we’ve seen with recent ransomware attacks on critical infrastructure institutions such as health systems, water treatment facilities or even the Colonial Pipeline attack in 2021, there are numerous ways attackers can gain access to a targeted network, from phishing attempts or supply chain vulnerabilities.
Further, the problem can be exacerbated by legacy satellites that were developed or deployed more than 20 years ago when onboard cyber defenses weren’t included in their design. Many of these satellites remain on-orbit and could be prime targets for a cyberattack.
A ransomware attack on a satellite constellation could have even more devastating consequences and prove incredibly lucrative for attackers, given the explosion of commercial satellite development and its growing work with the Department of Defense.
Considering that most ransomware attacks begin with the attackers covertly gaining access to a network and observing what data they are able to obtain before encrypting it, a satellite-based ransomware attack could start with a network intrusion that allows hackers to observe a satellite’s command and control signals from a ground station.
From there, the attackers could use their own wireless uplink to mimic those command and control signals to targeted satellites.
When a system is compromised, the first step is to take it offline. There should be a fallback to a safe mode that only allows a satellite to communicate with one ground station and one wave form that is not used in the ordinary operations of the spacecraft and is only meant to conduct recovery and survivability functions.
That station must be considered a “crown jewel,” one that is unknown and never used in operation. This gives the ability to do a failsafe back to a protected mode and restore software, which requires the architecture of a satellite to be resilient enough that it can fly with limited command control and access to the ground.
Maintaining the Space Domain
Securing our space infrastructure and maintaining superiority in the domain will require, among other elements, making the appropriate investments.
That is something the DoD and NASA have done well — the Air Force, Army and intelligence community have also made space a priority and are investing appropriately.
One driver in the investment of space has been the creation of entities such as the U.S. Space Force and the development of commercial space operations.
Space is one of the fastest growing business sectors, certainly in federal markets and increasingly so in commercial. The commercial investment and federal demand are significant to maintaining superiority in the domain when in competition with near-peer nation states like Russia and China.
While there are well known contractors in the space arena who’ve historically driven the market, the industry has evolved and now has multiple companies that specialize in different components of space architecture.
The growing ecosystem of technology providers are now active in manufacturing components that go onboard satellites as opposed to one builder manufacturing everything. Smallsat providers are also becoming increasingly attractive to the government as they provide a lower cost alternative.
The federal government has the largest role to play in helping shape the future of the space economy. To remain the major player in the domain, the U.S. must encourage leading edge innovation by creating a commerce system that supports investment and encourages the growth of a healthy ecosystem of innovative companies.
We also need to strike shared nation agreements on how satellites operate in the domain to help ensure the proper governance for how countries deploy satellites to certain orbits with consideration to equitable operations.
Due to the expansion of the space business, collaboration between the government and commercial sectors is imperative to advance the industry and to safeguard space infrastructure from our adversaries.
Understanding how we can best shepherd this industry and defend from near-peer adversaries, cybercriminals and others is paramount to our national security strategy moving forward.
Author Kevin Kelly is the chairman and chief executive officer (CEO) of Arcfield and oversees the development and implementation of the company’s strategy, while ensuring the company delivers technology-differentiated solutions to missions that are critical in protecting the United States and its allies. As CEO, Kevin is responsible for establishing a corporate culture, building and managing an expert leadership team, launching an innovation incubator that will ensure the company is developing solutions ahead of mission needs, and the overall growth of the company.
Kevin has been an active leader in the defense and intelligence industry for more than 30 years with proven success leading and managing companies through growth activities. He is passionate about innovation and ensuring that a company leverages its people, processes and technologies to its maximum potential to deliver for its customers. Prior to Arcfield, Kevin was the CEO of LGS Innovations, a privately held independent technology company that was eventually acquired by CACI International in March of 2019. After its acquisition, Kevin oversaw the company’s integration into CACI through the company’s creation of a new high-tech sector (National Security and Innovation Solutions Sector), where Kevin would ultimately serve as president.