Communications Satellites Are Vulnerable

The US and its allies need to double down on the cyber-security of their satellites as space infrastructure becomes ever more integral to national security, according to a recent report ‘Cyber vulnerabilities strike at the heart of the key technologies in strategic doctrines and military planning’. 

The Pentagon and other western military forces rely heavily on space-based systems to guide weapons, gather intelligence and coordinate operations around the globe, but security gaps in their satellite infrastructure threaten to bring those functions to a grinding halt or worse, researchers at the London-based think tank Chatham House found. 

As adversaries like Russia and China ramp up their offensive cyber capabilities, they said the western world needs to lock down its space infrastructure against potentially crippling attacks. And in the meantime, “it would be prudent” for countries to assume their systems have already been infiltrated.

“If cyber threats are not effectively addressed, vulnerabilities in the strategic infrastructure could result in severe consequences for international security,” researchers wrote in a report published Monday 1st July. 

“There is an urgent need to study and address cyber-related challenges to strategic assets within NATO and its key member countries, particularly the cyber threat to space-based command and control systems.”
While researchers stressed the importance of space cyber-security for all NATO members, the US has the greatest foothold in space by far. 

According to the United Nations, the US currently has more than 1,900 satellites in orbit around the Earth. The second highest NATO member is France, with 127.

Because so many of the alliance’s global operations in both war and peacetime are coordinated through satellites, a cyber-attack against any individual system could potentially have huge downstream effects. Countries base their national security strategies on the assumption that their weapons, communications and other systems will perform as expected, but in today’s uncertain cyberspace, “this should not be taken for granted.” Though they didn’t point to any specific security holes, researchers said the alliance’s current space infrastructure is increasingly vulnerable to attack and those weaknesses “have not yet received the attention they deserve.” 

One major risk they highlighted is hazy line between commercial and military space infrastructure. Beyond the supply chain risk of buying satellites from private companies, the Pentagon and other NATO military forces often rely on commercial satellites to gather images and other data from space, the report said. 

Often these satellites aren’t built to the same strict security standards as their military counterparts, and they could be vulnerable to adversary attacks. Adversaries could also infiltrate control stations on the ground by exploiting employees at military outposts or private companies, researchers wrote.

“There is an increasing need to apply higher-grade military hardening and cyber protection specifications to civilian capabilities that have the potential to be used in support of military applications,” they said.

Given the exposure of their space infrastructure, NATO members should assume adversaries have already infiltrated their systems and invest in technology that could restore satellites in the event of an attack, according to researchers. 
Artificial intelligence and machine-learning tools could be particularly useful in spotting and responding to the latest threats, they added.

In the report, researchers also said NATO should invest in both cybersecurity as well as “active, persistent engagement” that could disrupt and deter attackers. 

‘Further planning needs to go into the integration of new technologies when securing satellites from cyber-attack. Aspirations in this area may include the ability for satellites to configure and fix themselves’. 

The report comes as the Pentagon prepares to delegate most of its space-based operations to the newly minted Space Force, which is expected to be up and running by 2020.

DefenseOne:         ChathamHouse:  

You Might Also Read:

Chinese Hack Breached US Satellites:

Robots Will Repair Satellites In Space:


 

 

« Police Forensic Firm Has Paid Ransom
US Electoral Infrastructure Is Wide Open To Hackers »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Gatewatcher

Gatewatcher

Gatewatcher is a digital breach detection platform targeting crafted attacks and protecting organizations against advanced cyber threats.

International Telecommunication Union (ITU)

International Telecommunication Union (ITU)

ITU is the United Nations specialized agency for information and communication technologies – ICTs. Areas of activity include cybersecurity.

VietSunshine

VietSunshine

VietSunshine is a leading provider of network security infrastructure and solutions in Vietnam.

IdentityIQ

IdentityIQ

IdentityIQ is a US-based identity theft and credit protection company designed to help users stay on top identity thieves and data breaches.

Passbase

Passbase

Passbase is building a full-stack identity verification engine backed by verified government documents.

Avertro

Avertro

Avertro helps leaders manage the business of cyber. We help explain cybersecurity to executives, forecasting outcomes, right-sizing your spend, and validating your cyber strategy.

Sunartek Labs

Sunartek Labs

Sunartek are equipped with expert resources and advanced technology to identify cyber threats and prevent any breach, bypassing the security network of your organization.

Defentry

Defentry

Defentry have created an Ecosystem that lets our users easily monitor, train and resolve their digital security issues.

ELLIO Technology

ELLIO Technology

ELLIO Technology is a cybersecurity company that reduces alert overload, improves incident response, and helps security teams target serious attackers who pose a real threat.

Phylum

Phylum

Phylum provides powerful, automated software supply chain risk analysis that protects organizations, defends developers and enables secure innovation.

Gomboc.ai

Gomboc.ai

Gomboc solve cloud infrastructure security policy deviations by providing tailored remediations to the IaC (Infrastructure as Code).

Conceal

Conceal

Conceal’s mission is to stop ransomware and credential theft for companies of all sizes by developing innovative solutions that provide social engineering protection in any browser.

ZEUSS

ZEUSS

ZEUSS is a diversified data center, cybersecurity, and green energy company.

HTX (Home Team Science & Technology Agency)

HTX (Home Team Science & Technology Agency)

HTX brings together science and engineering capabilities to transform the homeland security landscape and keep Singapore safe.

UberEther

UberEther

UberEther are a dedicated group of software developers and consultants developing and deploying the next generation of identity management and cloud solutions.

Darwinium

Darwinium

Darwinium is a Cyberfraud Prevention Platform that provides scalable customer journey protection without complexity.