Communications Satellites Are Vulnerable

Uploaded on 2019-07-11 in GOVERNMENT-Defence, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The US and its allies need to double down on the cyber-security of their satellites as space infrastructure becomes ever more integral to national security, according to a recent report ‘Cyber vulnerabilities strike at the heart of the key technologies in strategic doctrines and military planning’. 

The Pentagon and other western military forces rely heavily on space-based systems to guide weapons, gather intelligence and coordinate operations around the globe, but security gaps in their satellite infrastructure threaten to bring those functions to a grinding halt or worse, researchers at the London-based think tank Chatham House found. 

As adversaries like Russia and China ramp up their offensive cyber capabilities, they said the western world needs to lock down its space infrastructure against potentially crippling attacks. And in the meantime, “it would be prudent” for countries to assume their systems have already been infiltrated.

“If cyber threats are not effectively addressed, vulnerabilities in the strategic infrastructure could result in severe consequences for international security,” researchers wrote in a report published Monday 1st July. 

“There is an urgent need to study and address cyber-related challenges to strategic assets within NATO and its key member countries, particularly the cyber threat to space-based command and control systems.”
While researchers stressed the importance of space cyber-security for all NATO members, the US has the greatest foothold in space by far. 

According to the United Nations, the US currently has more than 1,900 satellites in orbit around the Earth. The second highest NATO member is France, with 127.

Because so many of the alliance’s global operations in both war and peacetime are coordinated through satellites, a cyber-attack against any individual system could potentially have huge downstream effects. Countries base their national security strategies on the assumption that their weapons, communications and other systems will perform as expected, but in today’s uncertain cyberspace, “this should not be taken for granted.” Though they didn’t point to any specific security holes, researchers said the alliance’s current space infrastructure is increasingly vulnerable to attack and those weaknesses “have not yet received the attention they deserve.” 

One major risk they highlighted is hazy line between commercial and military space infrastructure. Beyond the supply chain risk of buying satellites from private companies, the Pentagon and other NATO military forces often rely on commercial satellites to gather images and other data from space, the report said. 

Often these satellites aren’t built to the same strict security standards as their military counterparts, and they could be vulnerable to adversary attacks. Adversaries could also infiltrate control stations on the ground by exploiting employees at military outposts or private companies, researchers wrote.

“There is an increasing need to apply higher-grade military hardening and cyber protection specifications to civilian capabilities that have the potential to be used in support of military applications,” they said.

Given the exposure of their space infrastructure, NATO members should assume adversaries have already infiltrated their systems and invest in technology that could restore satellites in the event of an attack, according to researchers. 
Artificial intelligence and machine-learning tools could be particularly useful in spotting and responding to the latest threats, they added.

In the report, researchers also said NATO should invest in both cybersecurity as well as “active, persistent engagement” that could disrupt and deter attackers. 

‘Further planning needs to go into the integration of new technologies when securing satellites from cyber-attack. Aspirations in this area may include the ability for satellites to configure and fix themselves’. 

The report comes as the Pentagon prepares to delegate most of its space-based operations to the newly minted Space Force, which is expected to be up and running by 2020.

DefenseOne:         ChathamHouse:  

You Might Also Read:

Chinese Hack Breached US Satellites:

Robots Will Repair Satellites In Space:


 

 

« Police Forensic Firm Has Paid Ransom
US Electoral Infrastructure Is Wide Open To Hackers »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

UCD Centre for Cybersecurity and Cybercrime Investigation

UCD Centre for Cybersecurity and Cybercrime Investigation

UCD Centre for Cybersecurity and Cybercrime Investigation is Europe's leading centre for research & education in cybersecurity, cybercrime and digital forensics.

Linklaters LLP

Linklaters LLP

Linklaters is an international law firm. Practice areas include Information Management and Data Protection.

Forensic Pathways

Forensic Pathways

Forensic Pathways focus on the provision of digital forensic technologies, offering clients unique technologies in the management of mobile phone data, image analysis and ballistics analysis.

AlAnsari Technical Solutions (ATS)

AlAnsari Technical Solutions (ATS)

ATS is a Kuwait based company specialised in delivering hardware/software, Virtualisation, IP Telephony / Unified Communication, Networking and professional IT services and solutions.

Quadible

Quadible

Quadible BehavAuth is an AI-platform that continuously authenticates the users, without the need of any input, by learning their behavioural patterns.

Level Effect

Level Effect

Level Effect is developing new capabilities to bring a unique perspective on proactive network defense and advanced security analytics.

NeuVector

NeuVector

NeuVector, the leader in Full Lifecycle Container Security, delivers uncompromising end-to-end security from DevOps vulnerability protection to complete protection in production.

GLIMPS

GLIMPS

GLIMPS-Malware automatically detects malware affecting standard computer systems, manufacturing systems, IOT or automotive domains.

SoftwareONE

SoftwareONE

SoftwareONE is a leading global provider of end-to-end software and cloud technology solutions.

Eqlipse Technologies

Eqlipse Technologies

Eqlipse Technologies provides products and high-end engineering solutions to customers in the Department of Defense and Intelligence Community.

Espria

Espria

Espria is a leading independent managed service provider with expertise in Cloud, IT, Communications and Document Solutions.

Reco AI

Reco AI

Reco is an identity-centric SaaS security solution that empowers organizations with full visibility into every app, identity, and their actions to control risk in their SaaS ecosystem.

Smartcomply

Smartcomply

Smartcomply is an automated and AI-powered cybersecurity and compliance platform that aids businesses in reducing the time and money spent on cybersecurity and compliance.

Tech Data

Tech Data

Tech Data, a TD Synnex company, is a leading global distributor and solutions aggregator for the IT ecosystem.

Infosec Ventures

Infosec Ventures

Infosec Ventures incubates and scales cyber security innovators that solve inefficiencies in cyber security.

Lupasafe

Lupasafe

Lupasafe is a software for businesses to see IT risks and insights, and provide vital training for employees.