Russia’s invasion of Ukraine clearly defined how warfare going forward will look – a mix of the horrors of conventional fighting on the ground and the more hidden though ferocious battle in cyberspace.
That was on display from the opening days of the war in February 2022, with the ground and air assault coupled with a complex Russian cyberattack on Viasat’s Ukrainian satellite broadband system, knocking out service for tens of thousands across Europe.
The Viasat hack extended the fight in cyberspace to outer space, disrupting communications by taking out connections to satellites. It put in stark terms the critical importance of satellite comms to the modern world and why there is a growing focus on securing the thousands of space systems – satellites in particular – encircling the globe.
“Everything that we do in daily life really has kind of a space component associated to it,” Michael Ruiz, vice president and general manager for cyber innovations at Honeywell, told The Register. “Our communication systems that provide global communications for the way that we do business, the systems that we use both commercially and for military operations, all are space-based platforms. TV stations [and] cable stations are using satellite uplinks on a regular basis.
“As you start to think about how you want to disrupt a nation state or how you want to think about potentially disrupting a nation state, space-based platforms are a very interesting target.”
Doe to this, space security is critical to national security, for the US as well as other countries, according to In-Q-Tel (IQT), a not-for-profit venture capital firm that invests in startups developing technologies for the US defense and intelligence communities and allies.
“Many of the sectors that we rely on for daily life, including financial systems, agriculture, emergency services, and energy, have a direct dependency on the stability and therefore cybersecurity of Space Systems,” IQT’s Katie Gray and Brian Norville wrote in a blog post in February.
The ever-changing world of satellites
The issue of satellites is sprawling and fast-evolving. As of May 2022, there were 5,465 satellites orbiting the Earth, with 3,433 of them belonging to the US. China was a distant second with 541, Russia had 172, and the rest of the world had 1,319. More than half are used for communications, with others used for observing Earth, technology development, navigation, and space science.
According to Gray and Norville, experts predict that within 15 years, there could be more than 100,000 satellites along with 10 to 15 orbiting stations (in the space between the Earth and Moon), not to mention in-orbit systems for cloud storage, edge computing, energy production, and mining and manufacturing in space.
The mix is getting more varied.
“The shift has already begun from a government-dominated space economy to one that is commercially driven,” they wrote. “Companies such as Microsoft and Amazon have identified a business model that enables them to extend their already robust cloud computing capabilities into space systems.”
In addition, space won’t just be the domain of the US, China, and Russia. As many as 30 countries could launch systems or other assets. In addition, China has published a national strategy outlining their intent to reach “space superiority,” according to IQT.
There’s going to be more competition in the orbit around Earth.
Geopolitics are in play
As on Earth’s surface, the geopolitics of space are a tangle of competition and cooperation. The Federal Aviation Administration noted that the US operates 31 GPS satellites, while three other “constellations” provide similar services – GLONASS developed by Russia, Galileo by the EU, and BeiDou by China – and combined they all make up Global Navigation Satellite Systems, or GNSS.
All let the world use their respective systems for free, according to the FAA. That’s part of the cooperation.
Then there is the competition. What happens in the terrestrial world will ripple up into space. Again, soon after the Russian invasion of Ukraine, there were reports that Russia tried to jam SpaceX’s Starlink, which was using its satellite constellation to deliver internet connectivity to Ukraine.
“It’s pretty well known that … several nation-state actors have the ability to provide both kinetic and non-kinetic – or cyber – manipulation of space-based systems,” said Ruiz of Honeywell, which has a large aerospace business that includes both government and private-sector customers.
Certainly Russia is one of them. And in a broader sense, cyberspace gives foes a chance to conduct asymmetric warfare, he said. The US outspends the next 10 or so countries combined for defense, so cyberspace levels the playing field a bit, giving some nation states a way of attacking their larger or better-funded adversaries, such as targeting critical infrastructure.
“If I can do it through space-based technology, my reach has just grown incredibly,” Ruiz said. “That’s why there’s so much interest in this notion of cyber-defense and space, because these space-based platforms are crucial to the way that we live.”
That said, while the vulnerabilities exist, the question becomes whether a country wants to exploit the opportunity and suffer the possible ramifications. If a nation-state actor compromises a US satellite, the US likely would respond. Is it worth the risk? The threat of a kinetic war may keep countries in check now, but maybe down the road an adversary may see attacking a space system as a way of advancing their purposes.
But there are perils.
“I don’t think it’s a far leap to look at it and say, ‘If you take out my communications satellite, I’m going to take out yours,'” Ruiz said. “What are the implications of doing something like this? What does that do to your business, to your GDP, to your ability to operate in the world? There’s a question of, ‘How many do I have vs how many does anyone else? Do I want to take my limited resources and put them against someone who has vast resources?’ I don’t know that it’s a matter of specific policy, but it definitely makes sense that someone strategically looking at this would consider all those factors.”
Securing the space
The US government put a spotlight on the country’s national interests in space with the launch in late 2019 of Space Force, the sixth military branch. More recently, in May 2022, the Cybersecurity and Infrastructure Security Agency (CISA) and FBI issued an advisory about threats from Russia to the US and international satellite communication networks as part of the larger Shields Up cybersecurity program.
In addition, the White House’s Cyber Security Strategy released in March touched on the need to secure space-based systems, including those for navigation, positioning, and environmental monitoring. Two months earlier, the US National Institute of Standards and Technology (NIST) and MITRE, a private cybersecurity business, unveiled a version of the widely used NIST framework for the ground-based part of space operations.
That came after Aerospace Corp – a nonprofit that runs a federally funded R&D center in California – in October 2022 created the Space Attack Research and Tactics Analysis (SPARTA) matrix to describe the threats attackers could pose to space systems.
Good starts all, but more needs to be done. IQT noted that three factors – a lack of incentives to build strong security, poor understanding of security best practices, and the fact most space systems have almost bespoke designs – have convinced some that orbiting systems are safe from threats due to obscurity.
“Even if this was once true, it has not been for a long time,” IQT’s Gray and Norville wrote. “The ground systems that support these systems are often equally vulnerable.”
In addition, the ongoing commoditization of the supply chain could open up the systems to even more cyberthreats given that attackers are more familiar with the hardware and software components being used in them.
The “bespoke designs” IQT talked about are an issue, Honeywell’s Ruiz said.
“We flew the Shuttle into space and it was operated on a 286 [based] infrastructure, circa 1970s technology, 1980s technology,” he said. “When we think about space-based platforms, the processors [and] technology that we find in a lot of the platforms that are still in space operate exceptionally well, but they are older technology.”
That means they also include older vulnerabilities that need to be patched and secured because it’s not as though people can run up to the systems and replace a chip, he said. These are multibillion-dollar platforms that have long lifespans so their perimeters need to be secured.
Designers of systems that are going into space can take lessons from terrestrial systems, IQT noted. That includes developing space-focused cybersecurity standards and best practices, improving training for designers and operators, adopting secure coding and assessment practices, and using commercial technologies like embedded system security, network security and data protection into system designs and testing.
As mentioned, more systems are going to be placed into orbit and increasingly those will be commercial operations. Advances in technology mean that the technology is more accessible to more companies.
“Once upon a time, I’d have to have a three-meter dish that was energized, I’d have to have a level of expertise to be able to come up with proprietary waveforms,” Ruiz said. “In the movement towards more open standards, broader interconnection, we’ve also created a mechanism that lowers the barrier to entry. I no longer need three-meter dish. I no longer need to have proprietary waveforms or understand proprietary waveforms.”
That said, as more companies and government entities put more systems into space, they are going to need to secure them, and it can’t be done the old-fashioned way.
“It used to be the case that once you put it into space, you felt like it was largely protected,” he said. “That’s really no longer no longer the case. Distance is not a barrier to being able to take effect on those things.” ®