Space Cybersecurity: Securing the future of space operations
Satellites are vital to sustaining the current balance in the global economy, society, and advanced militaries. As such, states are increasingly recognizing satellites as critical infrastructure. They play a significant role in climate and natural disaster monitoring, communication, early warning systems, global broadcasting, meteorology, navigation, precision strikes, reconnaissance, remote sensing, surveillance, and the advancement of science and understanding.
Critical infrastructure is defined by the U.S. Department of Homeland Security as 16 different sectors that seem discrete, yet there are many commonalities across them. For example, most critical infrastructures rely on space systems.
In-Security
Jamming, hijacking, eavesdropping, and control attacks are just a few examples of attacks on satellite systems. These incidents, together with the increasing use of satellite infrastructure by companies and governments around the world, led them to recognize that satellites are critical infrastructure requiring increased protection. This awareness led to the implementation of various security measures, perhaps the most significant of which was the adoption of encrypted communications to protect both command and control links (uplinks) and data reception links (downlinks).
In this context, state actors are at the forefront of these advanced satellite-related threats. For example, state-sponsored groups are known to conduct sophisticated, long-term campaigns against satellite systems, known as Advanced Persistent Threats (APTs).
These campaigns may combine cyber-attacks on ground stations; attempts to compromise uplink/downlink communications (with or without encryption); interception of communications, including voice calls and data links, such as those of the Iridium satellite network (now known to the public), VSAT or Hughes, using equipment developed by companies that specialize in providing these technologies to government agencies; and terminal attacks such as the one demonstrated on 24 February 2022. On that date, Viasat's KA-SAT network suffered a significant disruption coinciding with the start of Russia's invasion of Ukraine, which disrupted satellite internet service for thousands of customers in Ukraine and Europe.
The attack exploited a misconfiguration in a VPN appliance, allowing the attacker to gain access to the trusted management segment of the KA-SAT network. From there, they executed commands that overwrote key data in the flash memory of residential modems, rendering them unable to access the network. This sophisticated attack highlights the evolving nature of threats to satellite infrastructure, moving beyond simple jamming or eavesdropping to targeted, large-scale disruptions of critical communication services (https://news.viasat.com/blog/corporate/ka-sat-network-cyber-attack-overview).
A detailed analysis of KA-SAT terminals was carried out by Ruben Santamarta at https://www.reversemode.com/2022/03/satcom-terminals-under-attack-in-europe.html and https://www.reversemode.com/2022/03/viasat-incident-from-speculation-to.html.
Amateur attackers with fewer resources
On the other hand, the spread of Software Defined Radio (SDR) technology has democratized access to satellite communications. It is now possible for even amateurs to pose a potential threat.
With relatively inexpensive SDR equipment, a homemade antenna and a laptop computer, it is possible to intercept various types of satellite communications, especially those that are not properly encrypted. Examples include receiving and decoding images from weather satellites, intercepting and decoding satellite phone calls from the Iridium network, or even receiving the video feed from SpaceX's Falcon 9, as has been demonstrated by @OK9UWU, @aang254 and @r2x0t at https://www.rtl-sdr.com/receiving-video-directly-from-a-spacex-falcon-9-rocket-scott-manley-video/
While we've looked at various threats to space infrastructure, from ground stations and uplink and downlink communications to traditional jamming techniques, it's important to recognize that securing the satellites themselves while they are in orbit is a particular and sometimes overlooked challenge.
Master's thesis on evolving threats and the need for new approaches to secure satellite systems
Protecting a satellite system from an unknown threat is a huge challenge, since the difficulty lies in not knowing what we are protecting it from.
This thesis is the result of several years of professional work in the world of satellite security. It was conducted under the direction of Sebastian Garcia and Veronica Valeros at the Stratosphere IPS Research Laboratory, which is the Cybersecurity Group of the Artificial Intelligence Center, Faculty of Electrical Engineering of the Czech Technical University in Prague, and it is the final work of the Master's Degree in Cybersecurity and Cyber Defense at the University of Buenos Aires.
This work presents the evaluation, development and practical implementation of different techniques to protect the critical information of a satellite system and its products, in order to visualize and identify a potential compromise by simulated threats.
It will be fully open-access under license in the coming months.