Communications Satellites Are Vulnerable

Uploaded on 2019-07-11 in GOVERNMENT-Defence, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The US and its allies need to double down on the cyber-security of their satellites as space infrastructure becomes ever more integral to national security, according to a recent report ‘Cyber vulnerabilities strike at the heart of the key technologies in strategic doctrines and military planning’. 

The Pentagon and other western military forces rely heavily on space-based systems to guide weapons, gather intelligence and coordinate operations around the globe, but security gaps in their satellite infrastructure threaten to bring those functions to a grinding halt or worse, researchers at the London-based think tank Chatham House found. 

As adversaries like Russia and China ramp up their offensive cyber capabilities, they said the western world needs to lock down its space infrastructure against potentially crippling attacks. And in the meantime, “it would be prudent” for countries to assume their systems have already been infiltrated.

“If cyber threats are not effectively addressed, vulnerabilities in the strategic infrastructure could result in severe consequences for international security,” researchers wrote in a report published Monday 1st July. 

“There is an urgent need to study and address cyber-related challenges to strategic assets within NATO and its key member countries, particularly the cyber threat to space-based command and control systems.”
While researchers stressed the importance of space cyber-security for all NATO members, the US has the greatest foothold in space by far. 

According to the United Nations, the US currently has more than 1,900 satellites in orbit around the Earth. The second highest NATO member is France, with 127.

Because so many of the alliance’s global operations in both war and peacetime are coordinated through satellites, a cyber-attack against any individual system could potentially have huge downstream effects. Countries base their national security strategies on the assumption that their weapons, communications and other systems will perform as expected, but in today’s uncertain cyberspace, “this should not be taken for granted.” Though they didn’t point to any specific security holes, researchers said the alliance’s current space infrastructure is increasingly vulnerable to attack and those weaknesses “have not yet received the attention they deserve.” 

One major risk they highlighted is hazy line between commercial and military space infrastructure. Beyond the supply chain risk of buying satellites from private companies, the Pentagon and other NATO military forces often rely on commercial satellites to gather images and other data from space, the report said. 

Often these satellites aren’t built to the same strict security standards as their military counterparts, and they could be vulnerable to adversary attacks. Adversaries could also infiltrate control stations on the ground by exploiting employees at military outposts or private companies, researchers wrote.

“There is an increasing need to apply higher-grade military hardening and cyber protection specifications to civilian capabilities that have the potential to be used in support of military applications,” they said.

Given the exposure of their space infrastructure, NATO members should assume adversaries have already infiltrated their systems and invest in technology that could restore satellites in the event of an attack, according to researchers. 
Artificial intelligence and machine-learning tools could be particularly useful in spotting and responding to the latest threats, they added.

In the report, researchers also said NATO should invest in both cybersecurity as well as “active, persistent engagement” that could disrupt and deter attackers. 

‘Further planning needs to go into the integration of new technologies when securing satellites from cyber-attack. Aspirations in this area may include the ability for satellites to configure and fix themselves’. 

The report comes as the Pentagon prepares to delegate most of its space-based operations to the newly minted Space Force, which is expected to be up and running by 2020.

DefenseOne:         ChathamHouse:  

You Might Also Read:

Chinese Hack Breached US Satellites:

Robots Will Repair Satellites In Space:


 

 

« Police Forensic Firm Has Paid Ransom
US Electoral Infrastructure Is Wide Open To Hackers »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Beyond Security

Beyond Security

Beyond Security is a leader in automated vulnerability assessment and compliance solutions - enabling customers to accurately assess and manage security weaknesses in their networks and applications.

PortSwigger

PortSwigger

PortSwigger's Burp Suite is an integrated platform for performing security testing of web applications.

Secusmart

Secusmart

Secusmart provide highly secure and encrypted speech and data communication solutions.

Azeti Networks

Azeti Networks

Azeti Networks is a global provider of IoT technology to a variety of verticals including telecomms, oil/gas, manufacturing, finance and healthcare.

CyberGreen Institute

CyberGreen Institute

The CyberGreen Institute is a global non-profit and collaborative organization conducting activities focused on helping to improve the health of the global Cyber Ecosystem.

Cycura

Cycura

Cycura provide advanced, customized, and confidential cyber security services, cyber investigation services, and digital forensic services to governments, companies, and organizations.

Build38

Build38

Build38 provides the highest levels of security for mobile applications.

Secure Recruitment

Secure Recruitment

Secure Recruitment is a specialist Executive Search business that focuses its efforts on attracting specific exceptional talent in Cyber Security.

Sabat Group

Sabat Group

Sabat Group provide relationship-driven information security & cyber security recruiting services.

ConnectWise

ConnectWise

The Unified ConnectWise Platform offers intelligent software and expert services to easily run your business, deliver your services, secure your clients, and build your staff.

Avancer Corporation

Avancer Corporation

Avancer Corporation is a multi-system integrator focusing on Identity and Access Management (IAM) Technology. Founded in 2004.

CodeLock

CodeLock

Codelock is a patent-pending solution that continuously provides software security at the code level, while providing advanced management insights with performance metrics and data analytics.

Cloudflare

Cloudflare

Cloudflare is a global network designed to make everything you connect to the Internet secure, private, fast, and reliable.

Secfix

Secfix

Secfix helps companies get secure and compliant in weeks instead of months. We are on a mission to automate security and compliance for small and medium-sized businesses.

SIEM Xpert

SIEM Xpert

SIEM Xpert is a leader in Cyber Security Trainings and services since 2015.

eGeneration

eGeneration

eGeneration is one of the leading technology solutions and system integration companies in Bangladesh.