Orbiting miles above us, satellites play a crucial role in ensuring life on Earth runs smoothly. Navigation systems, TV broadcasts, weather and climate monitoring, military communications and IoT devices all rely on satellites. And our dependence on them is increasing each day. Consider the recent launch of Elon Musk’s Starlink internet system, which uses satellites to provide low latency broadband in even the most remote locations.
Obviously, this makes satellites an extremely valuable target for cyber attackers. Let’s take a closer look at the ways satellites can be targeted and examine how we can protect these critical systems.
What kind of threats do satellites face?
To understand this, it’s important to grasp the basics about how satellite systems work. As with much of today’s technology, satellites are so-called “cyber-physical” systems. Each consists of space, ground, user and link segments:
- Space segment – The satellite or spacecraft itself, which orbits above the Earth.
- Ground segment – This includes anything that helps to launch and communicate with the satellite from Earth, such as launch facilities, control centres and ground stations.
- User segment – This refers to items owned by private citizens that connect to a satellite – like a television dish or sat nav.
- Link segment – These are the all-important communication links, which transmit information between the other segments.
A satellite cyber attack can target any of the above segments – covering both the physical and cyber world. Such attacks usually have one of three purposes, to ex-filtrate data (break confidentiality), tamper with data (break integrity), or disrupt a service (break availability). In the physical world, this might involve jamming and spoofing satellite navigation signals. In the cyber world, it could mean quietly intercepting unprotected data.
Which organisations can be affected?
Any organisation that deploys satellites or relies on space-based systems can be affected. It’s a common misconception that cyber attacks on satellites only affect governments or military and security forces. In fact, our whole society depends on space-based systems. For instance, communications in remote areas, GPS navigation systems and even power grids (which use satellite navigation for synchronisation) could be entirely knocked out by a successful attack.
Who are the perpetrators?
Over the past few years, this has changed significantly. Cyber-physical attacks that were previously mostly possible by nation states can now be performed by hacktivists, insurgents, and even interested laypeople. This is because the equipment needed, such as high-frequency modems and transceivers, is now relatively cheap and easily available.
It’s also true that there are simply many more satellites in orbit today. A huge number of private sector companies – Blue Origin and SpaceX to name just two – are now investing heavily in the space industry. As such, we’ve recently seen many small satellites and spacecraft being launched – and a corresponding increase in satellite cyber attacks.
What safeguards can be put in place?
The safeguards required depend very much on a satellite or space mission’s purpose. In each case, it’s crucial to undertake a thorough risk analysis, evaluating all possibilities. The worst-case scenario differs for any mission. For example, potential vulnerabilities and threat actors for a military satellite differ very much for the ones potentially targeting satellites launched by a media company: Hence also attack vectors, cyber-physical techniques used and safeguards are different.
What is universal however, is the need to integrate cyber security into the design process of all space-based systems. Increasing convergence between IT and OT, as well as the long lifecycles involved, make these platforms highly vulnerable. As such, satellite cyber security must be considered across all segments – space, ground, user and link.
Last but not least, for organisations operating in this area, it’s impossible to overstate the importance of training staff on how to react in case of a satellite cyber attack. This can be the difference between an unfortunate outcome and a catastrophic one. Realistic exercises, maybe involving gamification elements can lead to a deep understanding, self-awareness and instincts of the professionals operating critical systems.
The protection of space-based systems is in our DNA – learn more or get in touch to find out how we can support your organisation.