Strengthening Satellite Cyber Security with Dr. Dmitry Mikhaylov
Reflex Aerospace
We design and manufacture 100 to 500kg payload-specific, dual-use satellites at unparalleled speed. Enter NextSpace?.
On an episode of the #NextSpace broadcast, Rachana Mamidi sat down with Dr. Dmitry Mikhaylov, an author and associate professor at the 新加坡国立大学 . They discussed the lack of a simple solution to the problem of cybersecurity in space, and what it would take to build a framework to avoid the worst-case scenarios. This is an abridged transcript, you can listen to the entire conversation on Spotify .
Dr. Dmitry Mikhaylov: What is quite important from my point of view is that we start this talk not from the technologies, but from the aspect of cybersecurity, and I'll tell you why: because I've seen a lot of solutions that try to penetrate the market, do something very fast, very efficiently and provide a new product. And they don't think about cybersecurity at all. And then at the end of the day, they start patching.
That is not a good approach to cybersecurity.?
I'll give you an example. I can make a startup launching a small satellite into space. And this satellite, it's a small startup, will not be so secure. So anybody can hack it. And what happens afterward, anybody who hacks it can target a bigger satellite and make a major collision. And nobody thinks about it.?
Rachana: How are cybersecurity vulnerabilities quantified in the first place?
If we speak about satellites, there are problems like GPS jamming; if you don't have good cybersecurity, cryptography protection, spoofing and hijacking can take control over the satellite.
And to make a very good satellite protection, you have to think out first, who can do damage to your satellite? This is very important. Of course, most of the satellite companies say, well, we don't have that many enemies, that we are not vulnerable.
Nobody will think about taking down the satellite that's just tracking, say, carbon credits. In whose interest is that? But at the end of the day, somebody who wants to take or hijack your satellite may not be even thinking about your company. They can think about moving the satellite in the wrong orbit or wrong position and target a military satellite, for example.?
Rachana: When we're trying to make satellites more resilient to cyber attacks, can the methods of IoT malware detection, for example, be applied to satellites?
Partially, yes. But at the end of the day, many satellite companies forget about checking their hardware and software of a satellite just before the launch. They just skip this scanning and proper audit. And honestly speaking, if you even try to Google any service that makes an audit of satellite equipment, you will not find a single company.
Encrypting and decrypting something is an additional procedure and most of the companies try to skip it. When they try to skip it, they can have hackers penetrating this channel, trying to take control of the satellite. So it's number two. The first is audit and the second is proper encryption. And the third one, it is also very important if you have on land, software and hardware that controls the satellites, most of the companies just neglect that this software can be attacked.
So what do you think would be the ideal way to design, develop and build a satellite to make it completely resilient, or perhaps if not completely, as much as possible, resilient to cyber attacks?
Unfortunately, in this industry, there are no regulations so far, or at least the regulations are not that strict.
My strong belief is that until we have strong regulations in–and not on the government level, it has to be a United Nations (UN) kind of regulation–only in this case will we have a really cyber secure space.?
Insurance companies can also take a step because most of the satellites now are insured. But again, we don't see any move from insurance companies so that they make this cybersecurity obligatory.
So we are talking about cybersecurity and this brings into the picture: SATCOM networks. Shared satellite networks are becoming more and more popular. And what is the magnitude of risk for, let's say, an end user, not just the satellite, but let's say for an end user who's connected to a SATCOM network?
There is no right answer here because if you make your own satellite and you have very good cyber secure protection, it's a very good solution. If you don't have that and you have a shared network, it can be a better solution because a shared network can have a higher protection level.
You have to always understand who is this threat actor, who wants to hack you and act according to this. If it's a foreign intelligence, it's one case. If it's a student hacker, it's another case. If it’s a competitor, then it’s another case. That is the key question. And based on that, you can make your choice.
Is satellite imagery currently being used for carbon credit verification?
Yes, they are used, but at this stage at least in the development of this market, I would focus on methane because it has actually 22 times greater global warming potential than carbon. And it's easier to track from satellites. I can tell that satellite imaging is already playing a great role, at least in making these methane impacts lesser.
During your research or your research work so far, have you encountered any barriers to accessing satellite imagery?
Well, yes. In most cases, you have to pay quite a lot to get access to this information. And most of the companies who try to detect these carbon offsets, they try to save money. Most of them are startups that are just entering the market and try to limit themselves to using only, say, Landsat images that are free and the resolution is not so good.
The problem is that most of the satellite companies don't give satellite images for free to these startups to try something. At least, it can be a small area. If they can have it for free, then they can develop their technology, and become the client of the satellite company that supplies satellite images, and that can bring a great boost to the market.
领英推荐
Besides being prohibitively expensive, is the current satellite imagery sufficient in terms of spectral bands or spatial resolution or the frequency of availability or even geographical areas of interest?
Geographical areas are definitely a problem so far. Not everything is covered. I worked in Uzbekistan in an international program tracking carbon offsets. They have a problem. They have images available only once a week in some of the areas. And it's a huge problem for the country because they have to prove that carbon offsets work.
Another problem is that most carbon offset startups use different indexes for tracking vegetation like the Normalized Difference Vegetation Index. They don't get very good data and based on this data, they cannot really calculate the proper formulas, they cannot calculate their carbon offsets. And the trust in the data is low.?
Wow, that’s very interesting. In which other geographical areas do you think there is a serious lack or dearth of satellite imagery across the world?
I worked in Central Asia, it’s a major problem there. Africa definitely as well. Latin America. All these three areas have a lack of access to good data.?
So you have to adapt the data you have to the local reality. You need all these different layers of data, not only satellite but drone images, IoT devices, and soil measurements to make a proper model for calculating the carbon offset.
But can these startups [function], if they don't have enough money? Say for example, in Uzbekistan, the investments in these local startups in carbon offsets is almost zero. And the country suffers because the country cannot really show that carbon offsetting is working.
Why do you think there has not been interest in this direction so far? Is it because the financial returns are not really expected to be that high? Or is there any other reason?
Yes, the payback is not so obvious. Regulations are evolving and changing all the time. Of course, it’s a very good area and most of the VC funds go there. But they mostly go to countries like the United States or Europe because a green agenda has been there for a long time.?
And the Central Asian countries and other countries have other problems.?
Offsets must meet requirements of permanence and the impact of projects should not be reversed in the future. And stability is a huge, huge criterion for this. Political, and geopolitical instability is also making an impact on their carbon offsets.
Do you think having affordable satellite connectivity would make things easier in terms of all that we talked about in these geographical areas?
Absolutely. I'll give you an example.
Uzbekistan where I worked, is a country of cotton, and nobody studied the carbon credits of cotton. The problem is, a lot of the startups that tried to make these measurements made quite impressive research in the area. They could export these services to other countries like Pakistan, India, United States, China, everywhere, because they have immense data that they can use to train a very good AI model at least.
But again, nobody invested in this case.
Do you think with the increasing awareness about climate change this whole scene is changing? Do you think it will push more resources to invest in supporting these carbon credit companies? And how do you see all this panning out in the next 10 years?
The demand will really increase for sure. But the problem is that I think that VCs are not the power that will push this carbon offset market because VCs follow regulations and follow market demand. We have to focus on these clear rules and regulations. Then the VCs will come and then we will have a huge demand.??
There will be a lot of startups and there will be a huge demand for satellite data. But regulations come first–same as in cybersecurity, by the way.
That’s very interesting because historically when we look at the evolution of the whole space era for humanity, it was always regulation that was following space technology. Now it looks like regulation has to take the lead in propelling us forward.
Absolutely. It's my strong belief that only regulations will make it happen.
Thank you very much for your wonderful inputs, and thank you very much for your time.
Thank you for inviting me!