Space, Satellites and Cybersecurity

Risk Management and Cybersecurity of Space and Satellites have come to the forefront of discussion of Western intelligence agencies following a cyberattack on satellite internet modems. The threat is not new, but a growing one as global communications and sensing via space is vital to economic vitality and security. This issue explores some of the developments on the new frontiers.

Thank you for reading and sharing. Kindly follow me on LinkedIn and on Twitter for more writings and posting related to cybersecurity, emerging technologies, and risk management. Best, Chuck Brooks

LinkedIn Profile:?https://www.dhirubhai.net/in/chuckbrooks/

Twitter: @ChuckDBrooks

The Urgency To Cyber-Secure Space Assets

by Chuck Brooks

The Urgency To Cyber-Secure Space Assets (forbes.com) (Link)

Our reliance on space, and especially satellites, for communications, security, intelligence, and commerce has exponentially grown with digital transformation. Unfortunately, so have the risks, as a result, the need to prioritize cybersecurity around space assets is urgent.

Last May, the?Cybersecurity and Infrastructure Security Agency (CISA)?announced the formation of a Space Systems Critical Infrastructure Working Group. The group is composed of government and industry members that operates under the Critical Infrastructure Partnership Advisory Council (CIPAC) framework, bringing together space system critical infrastructure stakeholders.?

According to CISA, “the working group will serve as an important mechanism to improve the security and resilience of commercial space systems. It will identify and offer solutions to areas that need improvement in both the government and private sectors and will develop recommendations to effectively manage risk to space based assets and critical functions.”?See?CISA Launches a Space Systems Critical Infrastructure Working Group | CISA

I was honored to address the group on the topic of Zero Trust and Satellite Communications several weeks back and was extremely impressed with their focus and recognition of the importance of cyber-securing the space frontier that directly impacts all critical infrastructure including agriculture, health, financial, and transportation.

The role of the working group is especially important as networks are changing from terrestrial (land) based communications to the cloud, taking advantage of satellites to move data over large, international distances. And there are now more satellites circling in low earth orbits in 2022 as launch costs have significantly lowered, opening the frontier of space up to major private sector launch initiatives with companies such as SpaceX, Blue Orgin, and many others. According to the Union of Concerned Scientists, at the start of 2022, there were 4,852 satellites in orbit.

THE GROWING THREAT TO SATELLITE ARCHITECTURE AND GROUND -BASED SYSTEMS

The threat to space to ground communications and sensors is very real and ominous, and the creation of the working group is an important first step in meeting threats. As NISTIR draft 8270 eloquently points out, “Space is an emerging commercial critical infrastructure sector that is no longer the domain of only national government authorities. Space is an inherently risky environment in which to operate, so cybersecurity risks involving commercial space – including those affecting commercial satellite vehicles – need to be understood and managed alongside other types of risks to ensure safe and successful operations.”?See?NISTIR 8270 (Draft), Intro to Cybersecurity for Commercial Satellite Operations | CSRC

Top U.S. space officials recently said that it is likelythe Russian invasion of Ukraine?will extend to space, predicting continued GPS jamming and spoofing and urging military and commercial space operators to be prepared for possible cyber- attacks. National Reconnaissance Office Director Chris Scolese urged attendees at a National Security Space Association conference to “Ensure that your systems are secure and that you’re watching them very closely because we know that the Russians are effective cyber actors.”?US space officials expect Russia, Ukraine conflict to extend into space (c4isrnet.com)

Cyber expert?Josh Lospinoso?succinctly describes why the threat is not?theoretical in a recent informative article in?The Hill. He notes that?“Attacks have been going on for many years and have recently ramped up. In 2018, hackers?infected U.S. computers that control satellites. Iranian hacking groups?tried to trick satellite companies into installing malware?in 2019. And?one report concluded?that Russia has been hacking the global navigation satellite system (GNSS) and sending spoofed navigation data to thousands of ships, throwing them off course. While there have not been any public reports of direct hacks on satellites, vulnerabilities in ground stations have been exploited to try to alter satellite flight paths, among other aims.” See?Space race needs better cybersecurity?| TheHill

China also has a capability to act offensively in space, digitally and kinetically.?As far back as 2014, the network of the National Oceanic and Atmospheric Administration (NOAA), was hacked by China. This event disrupted weather information and impacted stakeholders worldwide. There were approximately 14 other satellite attacks before the NOAA attack.?Eight years later, China is now perceived as even more of a threat. A recent GAO report titled “Challenges Facing DoD in Strategic Competition with China”?co-authored by Cathleen Berrick, GAO’s managing director of defense capabilities and management, listed recommendations for DoD?[CB1]?to revamp its satellite-based communications architecture and ground-based systems for the command and control of satellites. These are “actions that may better position DoD to address the challenges with China, but DOD has not yet implemented.”??And she says that “space is very important because DoD, of course, relies on its space based capabilities for communications, for navigation and targeting, and for intelligence collection.” See?GAO: DoD has to step up efforts in space, cyber and artificial intelligence to compete with China - SpaceNews

Washington Post Cybersecurity expert Joseph Marks provides context to the cyber threats. He says that the IT that run most space systems are complex, but the back-end systems are increasingly linked (sometimes intentionally) with commercial front-end systems that hackers are expert at cracking into. He warns that such hacks could be launched by criminal gangs that demand a ransom to unlock them or by adversary nations looking to damage the U.S. economy. Or that in a worst case scenario, hackers could disrupt the command and control of satellites themselves, forcing them to crash into each other with ripple effects across industry sectors. See?Space could be the next frontier for cyber threats (msn.com)

The threat to space assets is both kinetic and non-kinetic. There is an array of capabilities adversaries may use to interfere or disable satellites and ground based systems.?Satellite operations via Earth-bound entry points can offer cyber attackers with an many vectors for hacking. A weaknesses of satellite systems is the use of long-range telemetry for communication with ground stations. The uplinks & downlinks are often transmitted through open?protocols that can be accessed by cyber attackers.

Dr. Malcom Davis, senior analyst at the Australian Strategic Policy Institute, summarizes these threats: “One trend is towards the development of ground-based and space-based (co-orbital) ‘soft kill’ (or non-kinetic) ‘counter space’ capabilities. Satellites could be targeted through electronic warfare (jamming and spoofing), microwave weapons, laser dazzling and, perhaps most worryingly, cyberattacks. The prospect of cyberattacks on satellites dramatically expands the scope and risk of counter space threats for several reasons. Countries like China and Russia, and even Iran and North Korea, are experienced in waging cyber warfare, and directing such attacks against satellites is something they could do now, and at relatively low cost.” See?The cyber threat to satellites | The Strategist (aspistrategist.org.au)

PROTECTING SPACE ASSETS AS CRITICAL INFRASTRUCTURE

The recognition of the risks to space-based assets is not new but protecting them has not been prioritized. Bob Gourley, founder of Ooda.com and former government intelligence official captures the longevity of the issue, he said that “Since the October 1957 launch of Sputnik humans have been putting satellites into space, giving the world 60 years to engineer out problems with operating in this harsh domain. Now a new challenge has arose, one that the community has not addressed yet. This is the threat of cyber-attack. Both the on orbit and ground components of space systems have yet to fully address this threat.”?The Growing Risk of a Major Satellite Cyber Attack - Via Satellite (satellitetoday.com)

Over two years ago a report by the Aerospace Corporation summed up why cybersecurity for space is an imperative: “Space systems comprise many government and commercial components where cybersecurity and space operations are inextricably linked. The vulnerability of satellites and other space assets to cyberattack is often overlooked in wider discussions of cyber threats to critical national infrastructure. Neither space policy nor cybersecurity policy is prepared for the challenges created by the meshing of space and cyberspace, especially for the spacecraft. With the emerging cyber threats to spacecraft from nation-state actors, additional spacecraft defenses must be implemented.”?Bailey_DefendingSpacecraft_11052019.pdf (aerospace.org)

There are numerous convincing arguments why space needs to be formally listed as U.S. critical infrastructure. Unfortunately, it has not been deemed so yet but there is promise. There is pending legislation in the House of Representatives called?The Space Infrastructure Act?that would designate space as the 17th?critical infrastructure. Sam Visner, a technical fellow at the MITRE Corporation and former associate at the?Space Information Sharing and Analysis Center,?has been one of the prominent experts leading the charge for that formal recognition to have the Department of Homeland Security (DHS)?declare space as critical infrastructure along with 16 other verticals.

Sam offers concrete reasons for space becoming part of the listed critical infrastructure and predicts that” the space rush will result in tens of thousands of new assets launched within the decade, which will create a ’truly enormous’ cyber-attack surface.”??Sam Visner also illuminates how “legacy assets, which are nodes in space-based and space-to-terrestrial communications that can serve as potential network entry points, much as endpoints (e.g., devices, servers, etc.) do in traditional IT networks” can be exploited by adversaries.?Amid Space Race, Cybersecurity And Resiliency Remain Concerns: Experts - Breaking Defense Breaking Defense - Defense industry news, analysis, and commentaryavid Logsdon, Senior Director of CompTIA’s Space Enterprise Council, is another vibrant voice in the emerging global space security advocacy community. David explained to me that many companies do not realize how integral space is for their operations and commerce.?He says that many companies are already using satellite platforms to deliver data services, including satellite imagery, broadband communications, and value-added GPS services. He says that cyber-securing space assets are vital for thwarting threat that can dismantle their ability to operate as businesses.

OPTIONS FOR BOLSTERING SPACE CYBERSECURITY

In their article?Space is Critical?-It’s Time We Act Like It,??Edward Swallow, senior vice president and chief financial officer at The Aerospace Corporation and?MITRE Fellow?Samuel S. Visner?offer recommendations for moving forward on enhancing security for our space assets.?They are both part of The Space Information Sharing and Analysis Center, or Space ISAC that outlined excellent options for addressing cyber-risk in space. Those recommendations include:

Recognize the critical importance of our space systems — and make our position known?to allies, partners, competitors, and adversaries. We must harden space systems and be prepared to respond to and deter attacks.

Create a national and international information-sharing architecture for the security and resiliency of space systems,?ranging from engineering best practices to operational threat intelligence. Space ISAC made notable strides in sharing unclassified information, and we need to extend our information-sharing in the classified domain. In addition, the U.S. needs to leverage Space ISAC to launch an effort encompassing the full range of national and international space industry players, from manufacturing and launch services to ground and in-orbit operations.

Establish an interagency, federal risk management structure?with responsibility for space systems security and resilience that reports (at least initially) to the vice president.

Take the lead in building international consensus?regarding the security of space systems and reinforcing existing norms against attacks on those systems. Article 7 of the Outer Space Treaty could be amended to make explicit prohibitions of cyberattacks against space systems. If other countries are not prepared to accept these changes, the U.S. should signal our resolve with a robust policy statement and be clear in making other parties understand our commitment to respond to perceived hostile acts. This will strengthen the security and resilience of our own systems. See?Space is Critical — It’s Time We Act Like It - Via Satellite - (satellitetoday.com)

?In an article in?Homeland Security Today, Paul Ferrillo Esq, and I composed an article Protecting Space-Based Assets from Cyber Threats. In our article, we set forth below a non-exclusive list of security elements for defending space-based assets and satellites, along with ground-based control flight networks. We have adapted these from “Defending Spacecraft in the Cyber Domain” and government sources (please see references below).

1.?????Security by design – not security as an afterthought – built into every satellite from the ground up.

2.?????Identity and access management (“IAM”) – those accessing flight control information and surfaces need to be identified and verified by an IAM solution that will pass muster on the user using machine learning identifiers to attempt to prevent authorized access to critical vehicle functions.

3.?????Multi check for IoT related devices – IoT devices must be able to be updated; no hard-coded passwords should be allowed.

4.?????The backbone of a cyber-resilient spacecraft should be a robust intrusion detection system (IDS). The IDS should consist of continuous monitoring of telemetry, command sequences, command receiver status, shared bus traffic, and flight software configuration and operating states, anticipate and adapt to mitigate evolving malicious behavior. The spacecraft IPS and the ground should retain the ability to return critical systems on the spacecraft to known cyber-safe mode. Logging should also be available to cross-check for anomalous behavior.

5.?????It is critical that spacecraft developers implement a supply chain risk management program. They must ensure that each of their vendors handles hardware and software appropriately and with an agreed-upon chain of custody. Critical units and subsystems should be identified and handled with different rigor and requirements than noncritical units and subsystems and should also be constructed with security in mind. All software on the spacecraft should be thoroughly vetted and properly handled through the configuration management and secure software development processes (DevSecOps).

6.?????Both the spacecraft and ground should independently perform command logging and anomaly detection of command sequences for cross validation. Commands received may be stored and sent to the ground through telemetry and automatically checked to verify consistency between commands sent and commands received.

7.?????Protections should be made against communications jamming and spoofing, such as signal strength monitoring and secured transmitters and receivers; links should be encrypted to provide additional security.

Security elements for defending ground-based systems and network assets include but are not limited to (also from the Homeland Security Today article):

1.?????Adoption of cybersecurity best practices, including those aligned with the NIST cybersecurity framework (“CSF”). As academic professors and pragmatists, we both are ardent supporters of the CSF and see no reason why the hundreds of space and satellite suppliers should not adopt the NIST framework.

2.?????Key network components should be logically and physically separate to prevent virus-like (ransomware) attacks from spreading throughout the network.

3.?????All ground-based system and network assets should be required to have the following policies in place: incident response, business continuity and crisis communications plans, patching policies, BYOD policies and backup policies.

4.?????All ground-based space systems and facilities should be required to hold quarterly employee training for all individuals on things like spear-phishing and socially engineered email attacks.

5.?????All ground-based space systems and facilities should be required to adopt a fulsome vendor supply chain risk management program that touches all primary and tertiary vendors.

6.?????All ground-based space systems and facilities must adopt machine learning intrusion detection systems to help guard against anomalous and potential malicious activity.

7.?????All ground-based space systems, facilities, and space manufacturers and vendors should be required to join the Space ISAC to be able to collaborate by sharing threats, warnings, and incident information.

See?Protecting Space-Based Assets from Cyber Threats - HS Today

Josh Lopinso, in his excellent and earlier referenced?The Hill?article, also offers some great recommendations for enhancing cybersecurity capabilities:

• Fix the technology gaps. Satellite systems were not designed with security in mind. They have weak encryption and use legacy systems that are not easily patched or updated. And some of the navigation protocols are broken — I’ve built systems that spoof some of those protocols and discovered that it’s pretty trivial to do so with a few thousand dollars of investment. Traditional IT security solutions don’t protect the OT layers that satellites rely on. These security lapses make satellites vulnerable to hacking.
• Learn from IT security. Securing space assets is achievable, especially if we lean on the decades of hard lessons in securing IT networks. These include basics such as setting best practices like understanding your assets and observing what’s happening there to help detect attacks. Vendors should harden the code running on space systems and use the principle of least privilege for accessing the systems. These same lessons have been applied to transportation OT systems successfully. It shouldn’t take as long to get there with space systems.??
• Agree on standards. This includes establishing reasonable security measures and sharing threat information, as well as developing a common cybersecurity architecture. The U.S. is in the early stages of devising cybersecurity rules for other critical infrastructure — like?freight and passenger rail systems?— and should get started with space now too.?
• Realign incentives. Vendors and customers need more motivation to adopt risk mitigation approaches. When critical infrastructure goes out of service, millions of people can be affected. The total economic loss from these outages is orders of magnitude higher than the expenses incurred by the infrastructure operator. For example, Colonial Pipeline paid a $6.5 million ransom to get their gas pipelines flowing again, but that pales in comparison to the net effect of millions of people on the eastern seaboard who couldn’t pump gas. After the attack, we saw efforts from the U.S. government to apply?regulations?regarding breach reporting for pipeline systems, and we’re seeing similar efforts in the transportation sector. Federal regulations and the risk of bottom-line impact compel most companies to improve cybersecurity practices — which would benefit space technology as well. See:?Space race needs better cybersecurity?| TheHill

The east side of the US Capitol in the early morning. Senate Chamber in foreground.I invite you to?... [+]?GETTY

S.3511 - Satellite Cybersecurity Act

To make Space Cybersecurity more operational, it requires authorization and funding by Congress. Legislators have recognized the deficiencies and importance of satellite cybersecurity and legislation has been advanced.?Bipartisan legislation called?The Satellite Cybersecurity Act?is “designed to assist in the development, maintenance?and operation of commercial satellite systems.” Those suggestions would need to include materials addressing risk-based, cybersecurity-informed engineering, protection against unauthorized access to systems and communications jamming and spoofing, supply chain management and more. The legislations proposes that CISA would also be tasked with the role of creating and maintaining a “commercial satellite system cybersecurity clearinghouse” to house all recommendations and resources for interested entities to access in one place. See?Lawmakers Propose Expanding Cybersecurity Support for Commercial Satellite Companies - Nextgov

MORE RESOURCES ON SPACE SECURITY

·????????Introduction to Cybersecurity for Commercial Satellite Operations?NISTIR 8270 (Draft), Intro to Cybersecurity for Commercial Satellite Operations | CSRC

·????????Another excellent resource of the discussion of space based security issues can be found at the?Atlantic Council’s Geotech Center?video of Dr. David Bray, Dr. William Jeffrey, Dr. Divya Chander, and myself discussing why space will require new regulations and international norms and will create novel opportunities for industry and innovation, from transportation and satellite communications to data sharing, artificial intelligence, and national security. See?Cybersecurity of Space-Based Assets and Why this is Important - Atlantic Council

·????????Space Information Sharing and Analysis Center?Space ISAC - Space Information Sharing and Analysis Center (s-isac.org)

CompTIA Space Enterprise Council:?Space Enterprise Council | Public Sector | CompTIA

·????????Space Cybersecurity Symposium II: Applied Cybersecurity for Space?Space Cybersecurity Symposium II: Applied Cybersecurity for Space | NIST

This article is intentionally long and aside from discussing the key aspects of cyber-security space was designed to also serve as a resource.?Space is an emerging and critical cybersecurity frontier that we are becoming increasingly dependent on for both our commerce and security. It needs attention of the national security establishment and certainly to be integrated a priority critical infrastructure to protect by DHS CISA. DOD, the USAF, and Space Command are also initiating programmatic activities to protect space assets that are important to all domain operations. There is an urgency to move forward in a rapid, ambitious, and focused path.

ABOUT THE AUTHOR

Chuck Brooks on cover of Top Cyber News Magazine?TOP CYBER NEWS MAGAZINE

Chuck Brooks, President of Brooks Consulting International, is a globally recognized thought leader and subject matter expert Cybersecurity and Emerging Technologies. Chuck is also Adjunct Faculty at Georgetown University’s Graduate Applied Intelligence Program and the Graduate Cybersecurity Programs where he teaches courses on risk management, homeland security, and cybersecurity. LinkedIn named Chuck as one of “The Top 5 Tech People to Follow on LinkedIn.” He was named as one of the world’s “10 Best Cyber Security and Technology Experts” by Best Rated,?as a “Top 50 Global Influencer in Risk, Compliance,” by Thompson Reuters, “Best of The Word in Security” by CISO Platform, and by IFSEC and Thinkers 360 as the “#2 Global Cybersecurity Influencer.” He was featured in the 2020, 2021, and 2022 Onalytica "Who's Who in Cybersecurity" – as one of the top Influencers for cybersecurity. He was also named one of the Top 5 Executives to Follow on Cybersecurity by Executive Mosaic, He is also a Cybersecurity Expert for “The Network” at the Washington Post, Visiting Editor at Homeland Security Today, Expert for Executive Mosaic/GovCon, and a Contributor to FORBES. He has an MA in International relations from the University of Chicago, a BA in Political Science from DePauw University, and a Certificate in International Law from The Hague Academy of International Law.

###

GovCon Expert Chuck Brooks: Why Space Should Be the 17th Critical Infrastructure

by?Charles Lyons-Burt

GovCon Expert Chuck Brooks: Why Space Should Be the 17th Critical Infrastructure (executivegov.com) (Link)

Expert Chuck Brooks, President of Brooks Consulting International and adjunct professor at Georgetown University,?has written an article for Forbes that lays out imperatives for tightening cybersecurity measures in satellite activity.

In the February 27-published piece, “The Urgent Need to Cyber-Secure Space Assets,” Brooks compiles various incursions on U.S. data and satellite systems that have already occurred, as well as discusses the need for space to be considered as viable a domain for protection as any other.

Space is not considered a U.S. critical infrastructure in the federal legislature, a list which currently comprises 16 different enterprises. But Brooks argues that it should be the 17th critical infrastructure and is a booster of a proposal that has been introduced to the House of Representatives called the Space Infrastructure Act.

Brooks also cites?Edward Swallow, senior vice president and chief financial officer at The Aerospace Corporation and?Samuel S. Visner, MITRE fellow, who claim that there should be “an interagency, federal risk management structure with responsibility for space systems security and resilience” in place to safeguard space-bound resources.

Such programs have already started to crop up, such as the Cybersecurity and Infrastructure Security Agency’s Space Systems Critical Infrastructure Working Group. The coalition is made up of both government officials and industry leaders.

Brooks attests that satellite and space security is of budding importance because “our reliance on space, and especially satellites, for communications, security, intelligence, and commerce has exponentially grown with digital transformation.”

He also references the increasing number of satellites currently in low Earth orbit, which amounts to almost 5,000 and which are also expanding in their source and purpose, with more satellites than ever being launched for commercial interests rather than just those of national governments.

In the article, Brooks cites a?Homeland Security Today piece?that he co-authored with Paul Ferillo where the two explicate some “security elements for defending space-based assets and satellites, along with ground-based control flight networks.”

These potential measures include identity and access management, multi-check log-in processes for Internet-of-Things devices and implementation of a supply chain risk management program for all vendors and software users who come into contact with the satellite systems.

Per his and Ferillo’s article, Brooks says, “The backbone of a cyber-resilient spacecraft should be a robust intrusion detection system (IDS). The IDS should consist of continuous monitoring of telemetry, command sequences, command receiver status, shared bus traffic and flight software configuration.”

Such measures are crucial, according to Brooks and his research, to protect from ransomware threats, economic attacks from U.S. adversaries as well as hackers looking to hijack the satellites for their own purposes.

Possible methodologies of attack might be electronic warfare such as jamming or spoofing, microwave weapons or laser dazzling, in addition to the previously stated and more insidious cyber invasions.

“Space is an emerging and critical cybersecurity frontier that we are becoming increasingly dependent on for both our commerce and security. It needs the attention of the national security establishment and…There is an urgency to move forward in a rapid, ambitious, and focused path,” Brooks concludes.

ABOUT

ExecutiveGov, published by Executive Mosaic, is a site dedicated to the news and headlines in the federal government. ExecutiveGov serves as a news source for the hot topics and issues facing federal government departments and agencies such as Gov 2.0, cybersecurity policy, health IT, green IT and national security. We also aim to spotlight various federal government employees and interview key government executives whose impact resonates beyond their agency.

###

Cybersecurity of Space-Based Assets and Why this is Important

By?the GeoTech Center

Cybersecurity of Space-Based Assets and Why this is Important - Atlantic Council (Link)

Space is quickly becoming the new frontier to be explored by national governments and private sector actors. In the process, the different parties are preparing themselves for an environment with the same competition and collaboration that are typical on Earth, which will require new regulations and international norms and will create novel opportunities for industry and innovation, from transportation and satellite communications to data sharing, artificial intelligence, and national security.

On a recent joint Georgetown and Atlantic Council masters’ class, GeoTech Director Dr. David Bray shared his insights on the seminar’s question: “Cybersecurity of Space-Based Assets and Why This Is Important.” This masters’ class also featured GeoTech Fellows and experts Dr. William Jeffrey, Chuck Brooks, and Dr. Divya Chander.

We invite you to watch the informative recording: Cybersecurity of Space-Based Assets and Why This Is Important from Atlantic Council on Vimeo

###

Protecting Space-Based Assets from Cyber Threats

By Chuck Brooks and Paul Ferrillo

Last August, the Air Force and DOD’s Defense Digital Service ran a competition intended to spur interest in aerospace cybersecurity. The challenge was called “Hack-A-Sat” and hackers were able to take control of a satellite. While it was a controlled event, the hackers demonstrated why protecting space-based assets from cyberthreats needs to be a new priority.

The threats

The national security community believes it is only a matter of time before the nation-states move their cybersecurity wars to “space”-based assets like satellites. The purpose of targeting satellites would be an attempt to disrupt communications or information streams vital for commerce and security. China, Russia, and other nation-states possess the capabilities already to do a cyber-attack on the high frontier.

In 2014 the network of the National Oceanic and Atmospheric Administration was hacked by China. This event disrupted weather information and impacted stakeholders worldwide. (1) There were approximately 14 other satellite attacks before the NOAA attack. (2) This one was not a new realization for cyber-defenders.

The threat is both kinetic and non-kinetic. There is an array of capabilities adversaries may use to interfere or disable space-based assets. Dr. Malcom Davis, senior analyst at the Australian Strategic Policy Institute, summarizes these threats: “Counter space capabilities are emerging in the Chinese and Russian militaries. One trend is towards the development of ground-based and space-based (co-orbital) ‘soft kill’ (or non-kinetic) ‘counter space’ capabilities. Satellites could be targeted through electronic warfare (jamming and spoofing), microwave weapons, laser dazzling and, perhaps most worryingly, cyberattacks. The prospect of cyberattacks on satellites dramatically expands the scope and risk of counter space threats for a number of reasons. Countries like China and Russia, and even Iran and North Korea, are highly experienced in waging cyber warfare, and directing such attacks against satellites is something they could do now, and at relatively low cost.” (3)

Why satellites and why now? Principally because our networks are changing from terrestrial (land) based communications to the cloud, taking advantage of satellites to move data over large, international distances. Second, there are more satellites circling in low earth than ever as launch costs have significantly lowered, which has created more targets and thus a wider attack surface for hackers to potentially attack both in space and at land-based control centers.

Bill Malik, expert on satellite cybersecurity and vice president of infrastructure systems at cybersecurity firm Trend MicroOne, recently noted, “The threat is clearly growing, First, the cost of jamming and control-takeover technology is dropping, and the benefits to hackers (whether criminals or nation-state actors) is growing. More sophisticated supply-chain attacks could harm food production (by tampering with crop observations — drought (leading to over- or under-watering), insect or blight infestations (leading to incorrect application of pesticides), harvest times (leaving foodstuffs to rot, or be harvested too early (impacting yield and causing price instability in futures markets).” (4)

Increased global connectivity to industry verticals combined with the nationwide rollout of 5G communications may even create more of an opportunity for hackers to intercept space-bound communications.

“Battening down” space-based assets and terrestrial control networks

Though there are few clear rules of the road on space-based and terrestrial-based control networks, it is clear that many rules of the road for terrestrial-based networks (of whatever sort) have not significantly changed just because they interact with satellites.

We set forth below a non-exclusive list of security elements for defending space-based assets and satellites, along with ground-based control flight networks. We have adapted these from “Defending Spacecraft in the Cyber Domain” and government sources. (5)

1. Security by design – not security as an afterthought – built into every satellite from the ground up.
2. Identity and access management (“IAM”) – those accessing flight control information and surfaces need to be identified and verified by an IAM solution that will pass muster on the user using machine learning identifiers to attempt to prevent authorized access to critical vehicle functions.
3. Multi check for IoT related devices – IoT devices must be able to be updated; no hard-coded passwords should be allowed.
4. The backbone of a cyber-resilient spacecraft should be a robust intrusion detection system (IDS). The IDS should consist of continuous monitoring of telemetry, command sequences, command receiver status, shared bus traffic, and flight software configuration and operating states, anticipate and adapt to mitigate evolving malicious behavior. The spacecraft IPS and the ground should retain the ability to return critical systems on the spacecraft to known cyber-safe mode. Logging should also be available to cross-check for anomalous behavior.
5. It is critical that spacecraft developers implement a supply chain risk management program. They must ensure that each of their vendors handles hardware and software appropriately and with an agreed-upon chain of custody. Critical units and subsystems should be identified and handled with different rigor and requirements than noncritical units and subsystems, and should also be constructed with security in mind. All software on the spacecraft should be thoroughly vetted and properly handled through the configuration management and secure software development processes (DevSecOps).
6. Both the spacecraft and ground should independently perform command logging and anomaly detection of command sequences for cross validation. Commands received may be stored and sent to the ground through telemetry and automatically checked to verify consistency between commands sent and commands received.
7. Protections should be made against communications jamming and spoofing, such as signal strength monitoring and secured transmitters and receivers; links should be encrypted to provide additional security.

Security elements for defending ground-based systems and network assets include but are not limited to:

1. Adoption of cybersecurity best practices, including those aligned with the NIST cybersecurity framework (“CSF”). As academic professors and pragmatists, we both are strong supporters of the CSF and see no reason why the hundreds of space and satellite suppliers should not adopt the NIST framework.
2. Key network components should be logically and physically separate to prevent virus-like (ransomware) attacks from spreading throughout the network.
3. All ground-based system and network assets should be required to have the following policies in place: incident response, business continuity and crisis communications plans, patching policies, BYOD policies and backup policies.
4. All ground-based space systems and facilities should be required to hold quarterly employee training for all individuals on things like spear-phishing and socially engineered email attacks.
5. All ground-based space systems and facilities should be required to adopt a fulsome vendor supply chain risk management program that touches all primary and tertiary vendors.
6. All ground-based space systems and facilities must adopt machine learning intrusion detection systems to help guard against anomalous and potential malicious activity.
7. All ground-based space systems, facilities, and space manufacturers and vendors should be required to join the Space ISAC in order to be able to collaborate by sharing threats, warnings and incident information.

Should there be cybersecurity regulation for space-based systems?

We note that at least for the moment the lists we have outlined above of “should haves” and “must haves” are completely voluntary. Even the presidential memo, Space Policy Directive 5, is merely a directive that does not have the force of law or regulation. There is a huge national defense component of our race “back into space.” There also is a huge spending component of the space race as well. Indeed, in the United States, the FAA (2018) estimated the U.S. space industry was valued at approximately $158 billion in 2016. Similarly to Canada, satellite communications reportedly lead the space sector in the United States; specifically, satellite services, manufacturing, ground equipment, and launch services (FAA 2018). The DOC Bureau of Industry and Security (2014, 3) estimated employment for the “U.S. space industrial base” was over 2.6 million workers in 2012. See “Measuring the Value of the U.S. Space Economy.” (6)

Given these facts and figures, we would suggest that the “Space Systems” industry adopt, if not require, participants to partake in a DoD-inspired CMMC-like regulatory model to create rigor in space cybersecurity requirements. There is way too much at stake here to allow lax security to potentially jeopardize our national security and perhaps the health and safety of dedicated space workers.

What is clear is that protecting space-based assets from cyber threats is a national security imperative. As we invest and continue to build the satellite backbone that will guide our safety and economic well-being for the next decades, security by design cannot be an afterthought.

Sources:

See “Cybersecurity and Space Security,” available at?https://www.thespacereview.com/article/3950/1?(“Cybersecurity and Space Security” article)

See Attack Vectors in Orbit: the Need for IoT and Satellite Security, (RSA presentation), chart available at?https://published-prd.lanyonevents.com/published/rsaus19/sessionsFiles/13692/MBS-W03-Attack-Vectors-in-Orbit-The-Need-for-IoT-and-Satellite-Security.pdf

See “The Cyber Threat to Satellites,” available at?https://www.realcleardefense.com/articles/2019/09/09/the_cyber_threat_to_satellites_114731.html; Cybersecurity and Space Security article at p. 2 (explaining the difference between Kinetic and non-kinetic attacks on space-based assets)

See “The NSA is studying satellite hacking,” available at?https://www.defenseone.com/technology/2019/09/nsa-studying-satellite-hacking/160009/; “Securing the final frontier: Why space systems need cybersecurity too,” available at?https://www.kaspersky.com/blog/secure-futures-magazine/cybersecurity-space-exploration/31581/. (“Although residing in the vacuum of deep space makes them less vulnerable to physical attacks, space-based systems are still ultimately controlled from computers on the ground. That means they can be?infected just like any other system.”)

See?https://aerospace.org/sites/default/files/2019-11/Bailey_DefendingSpacecraft_11052019.pdf?and the “Memorandum on Space policy Directive- 5 – Cybersecurity Principles for Space Systems,” available at?https://www.whitehouse.gov/presidential-actions/memorandum-space-policy-directive-5-cybersecurity-principles-space-systems/?(“SPD 5”) as much of the information in this space is “all over the map,” if it exists in one place at all.

See?https://apps.bea.gov/scb/2019/12-december/1219-commercial-space.htm

Author Bios:

Paul Ferrillo?is a partner at the law firm of McDermott Will & Emer. He focuses his practice on corporate governance issues, complex securities class action, major data breaches and other cybersecurity matters, and corporate investigations. He is also a Adjunct Professor at Florida State University College of Law, and the current Director of the New York Chapter of Infraguard. Paul is author of the books?Take Back Control of Your Cybersecurity Now: Game Changing Concepts on AI and Cyber Governance Solutions for Executives?and Navigating the Cybersecurity Storm: A Guide for Directors and Officers

Chuck Brooks, President of Brooks Consulting International, is a globally recognized thought leader and subject matter expert Cybersecurity and Emerging Technologies. He is Adjunct Faculty at Georgetown University in the Cyber Risk Management and Applied Intelligence programs. During his career, Chuck received two Presidential Appointments, and served an executive for several leading public companies. LinkedIn named Chuck as one of “The Top 5 Tech People to Follow on LinkedIn.” He was named by Thompson Reuters as a “Top 50 Global Influencer in Risk, Compliance,” and by IFSEC as the “#2 Global Cybersecurity Influencer.”?He is also a Visiting Editor of Homeland Security Today.

###

RELATED ARTICLES & RESOURCES:

Britain, U.S. warn of satellite communications risks after Ukraine hack

By?James Pearson

Britain, U.S. warn of satellite communications risks after Ukraine hack | Reuters (Link)

LONDON, March 18 (Reuters) - Britain and the United States have warned organisations of the risks associated with using satellite communications following a cyberattack on satellite internet modems as Russia invaded Ukraine.

Western intelligence agencies have been investigating the attack which disrupted broadband satellite internet access provided by U.S. telecommunications firm Viasat, Reuters?reported?last week.?read more

"It's certainly something we're investigating quite actively - more than quite actually," a British official told reporters on Friday. "We've been talking extensively to UK organisations to give them a sense of how we can advise them on that point."

The unidentified hackers disabled tens of thousands of modems that communicate with Viasat Inc's KA-SAT satellite, which supplies internet to some customers in Europe, including in Ukraine.

Late on Thursday, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a?joint statement?which warned of the "possible threats to U.S. and international satellite communication (SATCOM) networks" in the wake of the attack.

SATCOM network providers and customers should increase their security and report any malicious activity given the "current geopolitical situation", the statement said.

French government cybersecurity organisation ANSSI and Ukrainian intelligence are assessing whether the remote sabotage was the work of Russian-state backed hackers preparing the battlefield by attempting to sever communications, Reuters reported.

Russian troops have taken heavy losses while blasting residential areas in Ukraine to rubble, sending more than 3 million refugees fleeing. Moscow denies it is targeting civilians in what it calls a "special operation" to disarm its neighbour.?read more

The digital blitz on the satellite service began on Feb. 24 between 5 a.m. and 9 a.m., the day Russian forces launched their invasion.

"Were it to be ultimately attributed to Russia, it would very much fit within what we expect them to do, which is use their cyber capabilities to support, ultimately, their military campaign," the British official said.

Space could be the next frontier for cyber threats

by Joseph Marks?

Space could be the next frontier for cyber threats (msn.com) (Link)

A satellite hack could wreak havoc on earth

Cyber analysts are pushing the Department of Homeland Security to ramp up cyber protections for satellites and other space-based systems, which they say are far too vulnerable to hacks that could upend large parts of the economy.

For example: A hack that disrupted satellite-assisted navigation could jam up things from shipping and trucking to farms that rely on precision navigation tools, wreaking havoc on the economy.

“Almost every critical function ... is dependent on space,” said?Sam Visner, a technical fellow at the MITRE Corp., speaking on a?panel?focused on cyberthreats to space that I moderated at the?Aspen Security Forum. “Other countries see this as an advantage for themselves. … They see our vulnerabilities in space and space systems as a way of gaining an advantage over us amid great power competition.”

The threat

The danger has escalated as the number of space systems has proliferated?and as more of it is being run by private companies such as Elon Musk’s SpaceX and Jeff Bezos’s Blue Origin. (Bezos owns The Washington Post).

The IT that run most space systems is complex and requires specialized knowledge that few hackers have. But those back-end systems are increasingly linked (sometimes intentionally) with commercial front-end systems that hackers are expert at cracking into.

• Such hacks could be launched by criminal gangs that demand a ransom to unlock them or by adversary nations looking to damage the U.S. economy.
• A worst case scenario: Hackers might disrupt the command and control of satellites themselves, forcing them to crash into each other with ripple effects across industry sectors.

The big ask

Visner and others want DHS to declare space the 17th official?critical infrastructure?sector, joining others such as energy, transportation and water. That would essentially make it easier for government and industry to work together on developing cyber standards and sharing information about threats.?

There’s some steam behind the idea.?

Reps.?Ted Lieu?(D-Calif.) and?Ken Calvert?(R-Calif.) introduced a?bill?in June that would mandate such a designation. The lawmakers are co-chairs of the California Aerospace Caucus. There’s no indication the bill will become law anytime soon, but it sets down a marker that Congress is interested in the issue.

The government is also taking cyberthreats to space more seriously. About nine months after establishing the Space Force, President Donald Trump signed an?order?directing the government to work with the space industry to develop cybersecurity best practices.?

The Intelligence and National Security Alliance, a trade group filled with former national security officials, put out a white paper this month urging the designation.?

From the white paper: “Designation would … make clear to U.S. adversaries that the United States is committed to defending its space infrastructure, contribute to the establishment of global norms regarding the safety and security of space systems, and accelerate development of best practices and technologies for ensuring space security and resilience.”

There are some big roadblocks, too.

National Cyber Director?Chris Inglis?isn’t keen on the idea,?ReadMe’s Shaun Waterman?reports.

The problems:

• A lot of space systems are already part of other critical infrastructure sectors, such information technology and the defense industrial base.
• Using critical infrastructure sectors to assess risks started soon after the Sept. 11, 2001, terrorist attacks and has proved unwieldy as cyberthreats have proliferated. The Biden administration has been working toward a more nuanced system that identifies particular functions and systems as critical rather than whole industry sectors. One version of that effort focuses on 55 “critical functions.”
• Government is also struggling to improve protections for existing critical infrastructure sectors, many of which have been bombarded with ransomware attacks.

“Risk does not neatly align to sector boundaries,” Inglis told ReadMe. “So we’re going to walk, not so much away from the critical sectors, but towards this idea that what we’re really interested in is the threats that cut across those.”

Supporters, however, say space deserves special treatment because it affects so many other vital industries.?

Here’s?John Galer, assistant vice president for national security space at the Aerospace Industry Association and another panelist at the Aspen summit: “There are 55 national critical functions and space either has dependencies or uses in all those things. … Absent the critical infrastructure designation, whether that happens or not, we've got a challenge here and we have to get after it.”

###

Space jam: why the military is prioritising cybersecurity for space

Why the military is prioritising cybersecurity for space - Global Defence Technology | Issue 120 | February 2021 (nridigital.com) (Link)

As military and civilian capabilities increasing rely on space-based assets,?Berenice Healey?asks space and cybersecurity experts about the potential effects of a cyberattack against them and how to offer protection

For 100 years there were three military domains – land, sea and air – each led by, but not exclusive to, its respective military branch. In recent decades all three have come to rely on cyber and space capabilities and have recognised them as domains in their own right through the establishment of specialist military commands.

Cyber and space have a unique interdependence, as evinced by cyber being at the heart of the mission of the US Space Force and the upcoming UK Space Command. Defence and Security Equipment International (DSEI), the defence industry event held every two years in London, launched a Space Hub in 2019 to recognise its increasing cross-domain importance. It aims to grow its space presence in 2021 under the auspices of its newly appointed space advisor Dr Michael Holden.

“Space-based assets are critical to the modern military's capability and form part of the critical national infrastructure of a modern economy,” Holden explains. “Being able to protect and defend the assets is critical to both military and to the day-to-day running of the modern economy.”

An estimated ￡1bn of UK economic activity every day is supported by space-based assets. Given this number, the potential impact to the economy of losing space assets becomes clear – and cyber threats are just one risk.

Holden explains: “To put these cyber threats in in context, the US defence space strategy listed the threats that they see to space-based systems on a continuum from denial and deception, electronic warfare, directed energy weapons, cyberspace threats, orbital threats, kinetic energy threats, ground site attacks and nuclear detonation in space.”

The US space strategy also categorises threats on a scale of fully reversible to irreversible and, depending on its nature, a cyberattack could sit anywhere between the two extremes.

Protecting space-based assets from cyber threats

Holden identifies three factors that are essential to protecting space-based assets from cyberattack.

First, governments are adopting a risk and systems-based approach, identifying all the risks to a system rather addressing cyber threats separately and simply putting a firewall around a system.

“This also needs to look at the personnel, the doctrine, the processes, the policy, the legislation, and the physical security as well as the technical considerations,” he says. “The design of the protection needs to consider all these issues and pull together a coherent design and plan in terms of that risk-based approach.”

The risks and threats to the system are constantly evolving as is the impact of risks occurring.

Second, there needs to be assessment of the risks and threats to any system, including identifying them and assessing the severity of impact if they occur.

“Crucially, fallback plans need to be thought of at this stage, so if something does happen then you know what you would do in that situation in terms of reacting to it and recovering from it. It is about risk management and not risk avoidance these days.”

Finally, it is important to recognise it is not a one-off event to secure the system.

“The risks and threats to the system are constantly evolving as is the impact of risks occurring, as is the severity, based on what you're trying to do with the things,” Holden says. “The risks issues and the fallback need to come together in a coherent plan and that needs a resource and cost-risk, cost-benefit trade-off to come up with an overarching scheme.”

Where could attacks originate?

CybelAngel vice-president of cyber operations and former FBI executive Todd Carroll explains that while physical attacks are likely being developed, cyber presents the most likely risk.

“Why make it complicated to disable a, let's say, communication satellite or a GPS synchronous military device when cyber is the easiest way?” he asks. “If you can deny the communications or throw it out of orbit, you can manipulate it to make it look like an accident or collided with something else. It’s getting crowded up there.”

Carroll says that while the military used to rely on an “air gap” to ensure a secure environment, the number of parties and systems involved in creating and operating space systems introduces vulnerabilities.

As long as humans have their index finger clicking on stuff, we're going to have phishing attacks, because humans can't help themselves.

“Take US Space Command; they are not doing this on their own. I can only guess and how many hundreds and probably thousands of different vendors touch and support their systems,” he says.

“Something small is going to be a vulnerability that someone's going to find, whether it's an adversary or criminal group. They're going to see a device that is not configured properly or has a vulnerability because it's not been patched properly, and it hasn't been secured and it's just going to be another gateway to entry.

“As long as humans have their index finger clicking on stuff, we're going to have phishing attacks, because humans can't help themselves.”

Why target military space capabilities?

Cyber Security Associates founder and technical director James Griffiths says that a key aim of cyberattacks against military space systems is to disrupt communications, command and control and satellite imagery for intelligence gathering.

“In some scenarios, this could have life-and-death consequences,” says Griffiths. “If they are to take over control of the satellite, they could use the satellite itself as a weapon to target other space assets or even crash the satellite into the atmosphere, which will either burn up on re-entry or, potentially if larger, cause damage to an area on the ground.”

KnowBe4 security awareness advocate Javvad Malik adds: “At a nation level, space-based cyber espionage is a real threat, with many spy satellites having been in orbit since the Cold War. On a more individual level, GPS is heavily reliant on satellites, which, if compromised, could have a massive impact on systems which rely on GPS, not to mention the millions of people which rely on it to navigate on a day-to-day basis.”

SentinelOne chief security advisor Morgan Wright also emphasises the importance of GPS, saying: “The military heavily relies on accurate GPS data for data-to-day operations and offensive/defensive missions. The targeting of the actual satellites is one issue. Jamming them is another. Cyberwarfare will rapidly expand into space and cyberspace.”

Mounting a defence

Trusted Computing Group marketing workgroup chair Thorsten Stremlau says that security must be designed into satellite systems, so a level of trust is established between earthbound devices and satellites.

“Trusted computing technology ensures the trustworthiness of devices, device identity and security validity, such as through the use of cryptographic keys,” he says. “Practical security solutions are automated and rely on cryptography as well as a component within a device called a root of trust. A root of trust is secured for a defined range of applications and undergo in-depth security validation. Once deployed, they remain trusted throughout device lifetime.

“Network satellite architecture enables communications to be authenticated at every stage of data transmission before it reaches the satellite, with encryption protecting data even as it moves across the satellite ecosystem. In an age when military usage is ever-increasing, trusted computing technology is essential in protecting top-secret data.”

Assets used to discover space, if unlawfully accessed, could be misused or abused to attack vulnerable targets on earth.

OneLogin global data protection officer Niamh Muldoon explains that, like any other information asset, space-based assets need people-related, process-related and technological controls.

“The success of their protection is based on defining and implementing a cybersecurity programme that incorporates and balances controls across its people, processes and technologies,” she says.

“These controls should be defined from a risk assessment of the threat landscape from both space and earth perspectives. While the threat landscape for the space domain is unknown, the assets used to discover space, if unlawfully accessed, could be misused or abused to attack vulnerable targets on earth.”

Hardened attack surfaces

Synopsys director for government and critical infrastructure programmes Joe Jarzombek says the US Space Force and UK Space Command need a strong focus on prevention.

“In an era of asymmetric cyberattacks, space force capabilities must have systems with hardened attack surfaces,” he says. “In space operations, seconds matter, so cyber assets must be highly reliable and have near-continuous availability.

“Relying primarily on microelectronics and software, space assets must be hardened, not just against the effects of radiation and electronic jamming, but primarily against the risk exposures attributable to exploitable software and flaws in component design that represent source vectors for attack.”

He adds that DevSecOps (development, security and operations) practices must focus on prevention by mitigating exploitable weaknesses in software before deployment and before threat actors discover the weaknesses in ground control and on-orbit assets.

Fragile networks

The focus should not be on the satellites alone but the networks they form, argues RedSeal CTO Dr Mike Lloyd, and protecting them requires humans and computers working together.

“Satellites themselves are often used in a mesh – consider GPS as one example, where each satellite alone is not enough, and it takes the power of multiple satellites working together to solve the problem,” he says. “Pilots rely on an even more precise system called WAAS, which adds a second network to the existing GPS network to increase accuracy.

“All networks share key properties: they are fragile, hard for humans to think about, and prone to lateral movement where an attacker breaches one node then spreads. Defending networks involves understanding networks, and we already struggle with this in terrestrial cyber warfare. It only gets harder as the networks extend off the planet’s surface.

“As the network increases in scale, it gets further and further beyond human comprehension – too many interacting parts, any one of which could be breached by an attacker and used as a foothold for further spread.

“The only way to defend a more-than-global network is to combine human strategy with machine reasoning. It’s impossible for humans to understand and map out every possible attack pathway – that requires inexhaustible attention to detail, which is something computers are good at. Computers, however, do not understand the human motivations, psychological factors or economics – humans are far better at the strategic meaning of the game.”

###

Space security in 2022: expect a hacked satellite

by?Vilius Petkauskas

Space security in 2022: expect a hacked satellite | CyberNews (Link)

As the number of satellites keeps growing, so does the chance of one of them getting hacked. 2022 might be the turning point.

2021 was another explosive year for the space industry. According to the?Union of Concerned Scientists, over 1,300 new satellites were put in orbit in only nine months of this year. That is 200 more than in the whole of 2020 and almost five times more than in 2019.

It's clear that with the advent of space commercialization, we have entered the age of a new space race. This time, geopolitical competition is supplemented by a trove of commercial companies competing to offer services relying on space assets.

With low Earth orbit (LEO), where most new satellites reside, becoming more crowded, protecting human-made moons is turning ever more critical.

I asked space security experts and industry insiders to share what's on a plate for space cyber security in 2022, and that's what they said.

Three CubeSats moments after being ejected from a small satellite deployer outside the International Space Station. Image by NASA.

Encryption fever

The majority of the new satellites in space are?smallsats,?devices under 500kg, with some weighing less than 10kg. That's where the industry is booming as companies like Starlink start to offer services like global internet coverage.

According to Giovanni Pandolfi Bortoletto, Co-Founder and Chief Strategy Officer at Leaf Space, a microsatellite servicing company, more and more missions start to transition from capacity demonstration toward providing commercial end-to-end services.

"With this shift, the risk for possible attacks increases since the impact on commercial and government endeavors also increases with the activation of actual services," Bortoletto told CyberNews.

As companies start to internalize the threats cyberattacks pose to space assets, Bortoletto suggests, ground segment service providers and end-users keenly adopt cybersecurity guidelines. A trend that will only accelerate next year.

"A few years ago, encryption and authentication were not so much used, while today, the majority of smallsat missions are setting them as a hard requirement from the design phase, also requesting the adoption of zero-trust methods with third parties involved in the overall value chain, " Bortoletto explained.

"Will 2022 see the first cyberattack on a space system disclosed publicly? No one can tell, but statistically, considering the growth of the industry, it's just a question of time."

- Mathieu Bailly, VP Space at CYSEC

Software protection

Most modern satellites are mostly complex computers orbiting the Earth. According to Mathieu Bailly, VP Space at CYSEC, a cybersecurity company, satellite operators will scramble to ramp up software security with first missions generating value by onboard?algorithms?next year.

"We expect to see space companies starting to embrace the same techniques as in terrestrial embedded systems, " Bailly explained.

Satellite operators will also concern themselves with how to guarantee safety that runs on the?cloud. Bailly suggests that space companies will spend a lot of time fine tuning their cloud infrastructure security.

Bailly thinks that next year will see the first attempts to present draft regulations regarding cybersecurity in space. Any regulation would shake the industry as currently, any company is free to fly a satellite with propulsion capabilities.

"Will 2022 see the first cyberattack on a space system disclosed publicly? No one can tell, but statistically, considering the growth of the industry, it's just a question of time. It will be a wake-call for all the operators that have been procrastinating on the topic, " Bailly told CyberNews.

Two Dove satellites pictured after being released from the ISS. Image by NASA.

Unwanted attention

While 2021 saw a tsunami of ransomware attacks, satellites and other space assets were not targeted by threat actors. Dr. Eric Cole, a veteran cybersecurity expert, suggests that might change in 2022.

Cole believes that as ransomware-as-a-service (RaaS) affiliates run out of easy targets, they will start eyeing other high-value targets, where victims cannot afford any downtime.

"Satellites fit perfectly into this category and based on the critical communication component; these attacks will make?Colonial Pipeline?look like small change," Cole explained.

One key reason threat actors might start targeting satellites is that most of the older machines that often run legacy systems were not designed with cybersecurity in mind.

"Satellites are focused on functionality and uptime and based on the overall decision and life of these systems; cybersecurity has not been a primary concern," Cole told CyberNews.

"Satellites fit perfectly into this category and based on the critical communication component; these attacks will make Colonial Pipeline look like small change."

-Dr. Eric Cole, a veteran cybersecurity expert

Critical infrastructure

Legislation, however, might help hinder hacker interest in attacking space systems. Ransomware attacks against?Colonial Pipeline?and?meat supplier JBS?allowed the US government to use more resources to catch the criminals.

That's because food production and energy supply systems fall under the 'critical infrastructure' category. According to Charles Denyer, a cybersecurity expert, 2022 might finally be when the US identifies space assets as 'critical infrastructure.'

"A designation for space assets as critical infrastructure would create a much-needed spotlight on protecting our orbital assets. Satellites were not designed for the cyber age - meaning, they are defenseless against cyberattacks, so expect a renewed focus on this very specific topic," Denyer said.

###