Communications Satellites Are Vulnerable

Uploaded on 2019-07-11 in GOVERNMENT-Defence, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The US and its allies need to double down on the cyber-security of their satellites as space infrastructure becomes ever more integral to national security, according to a recent report ‘Cyber vulnerabilities strike at the heart of the key technologies in strategic doctrines and military planning’. 

The Pentagon and other western military forces rely heavily on space-based systems to guide weapons, gather intelligence and coordinate operations around the globe, but security gaps in their satellite infrastructure threaten to bring those functions to a grinding halt or worse, researchers at the London-based think tank Chatham House found. 

As adversaries like Russia and China ramp up their offensive cyber capabilities, they said the western world needs to lock down its space infrastructure against potentially crippling attacks. And in the meantime, “it would be prudent” for countries to assume their systems have already been infiltrated.

“If cyber threats are not effectively addressed, vulnerabilities in the strategic infrastructure could result in severe consequences for international security,” researchers wrote in a report published Monday 1st July. 

“There is an urgent need to study and address cyber-related challenges to strategic assets within NATO and its key member countries, particularly the cyber threat to space-based command and control systems.”
While researchers stressed the importance of space cyber-security for all NATO members, the US has the greatest foothold in space by far. 

According to the United Nations, the US currently has more than 1,900 satellites in orbit around the Earth. The second highest NATO member is France, with 127.

Because so many of the alliance’s global operations in both war and peacetime are coordinated through satellites, a cyber-attack against any individual system could potentially have huge downstream effects. Countries base their national security strategies on the assumption that their weapons, communications and other systems will perform as expected, but in today’s uncertain cyberspace, “this should not be taken for granted.” Though they didn’t point to any specific security holes, researchers said the alliance’s current space infrastructure is increasingly vulnerable to attack and those weaknesses “have not yet received the attention they deserve.” 

One major risk they highlighted is hazy line between commercial and military space infrastructure. Beyond the supply chain risk of buying satellites from private companies, the Pentagon and other NATO military forces often rely on commercial satellites to gather images and other data from space, the report said. 

Often these satellites aren’t built to the same strict security standards as their military counterparts, and they could be vulnerable to adversary attacks. Adversaries could also infiltrate control stations on the ground by exploiting employees at military outposts or private companies, researchers wrote.

“There is an increasing need to apply higher-grade military hardening and cyber protection specifications to civilian capabilities that have the potential to be used in support of military applications,” they said.

Given the exposure of their space infrastructure, NATO members should assume adversaries have already infiltrated their systems and invest in technology that could restore satellites in the event of an attack, according to researchers. 
Artificial intelligence and machine-learning tools could be particularly useful in spotting and responding to the latest threats, they added.

In the report, researchers also said NATO should invest in both cybersecurity as well as “active, persistent engagement” that could disrupt and deter attackers. 

‘Further planning needs to go into the integration of new technologies when securing satellites from cyber-attack. Aspirations in this area may include the ability for satellites to configure and fix themselves’. 

The report comes as the Pentagon prepares to delegate most of its space-based operations to the newly minted Space Force, which is expected to be up and running by 2020.

DefenseOne:         ChathamHouse:  

You Might Also Read:

Chinese Hack Breached US Satellites:

Robots Will Repair Satellites In Space:


 

 

« Police Forensic Firm Has Paid Ransom
US Electoral Infrastructure Is Wide Open To Hackers »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Cambray Solutions

Cambray Solutions

Cambray Solutions specializes in locating and securing technical professionals, managers, and executives.

NovaTech Automation

NovaTech Automation

NovaTech products and services make the world’s power grids and essential process industries more reliable, efficient, sustainable and secure.

LMG Security

LMG Security

LMG Security is a cybersecurity consulting, research and training firm.

Ogasec

Ogasec

Ogasec is a cybersecurity company formed by the merger between Aker and N-Stalker in 2017. Solutions include Security & Connectivity Networking, Application Security, and Managed Security Services.

AimBrain

AimBrain

AimBrain tools detect and prevent fraud, faster and more accurately than ever before.

Red Sift

Red Sift

Red Sift is the only integrated cloud email and brand protection platform, supporting organizations to secure their communications.

National Centre for Cyber Security (NCCS) - Pakistan

National Centre for Cyber Security (NCCS) - Pakistan

National Centre for Cyber Security (NCCS) undertakes cyber security research and plays a leading role in securing Pakistan’s Cyberspace.

Jacobs

Jacobs

Jacobs is at the forefront of the most important security issues today. We are inspired to be the best and deliver innovative, mission-focused outcomes that matter to our clients.

DatChat

DatChat

DatChat Inc. is a blockchain, cybersecurity, and social media company that focuses on protecting privacy on our devices and also protecting our information after we have shared it with others.

OpenAVN (DefenseArk)

OpenAVN (DefenseArk)

Defending your life online, keeping your data safe and private. We detect digital threats magnitudes faster than the leading antivirus software.

Cyber Protection Group (CPG)

Cyber Protection Group (CPG)

Cyber protection Group specialize in Penetration Testing. We work with enterprise level companies as well as small to medium sized businesses.

Software Improvement Group (SIG)

Software Improvement Group (SIG)

Software Improvement Group helps business and technology leaders drive their organizational objectives by fundamentally improving the health and security of their software applications.

Grindstone Ventures

Grindstone Ventures

Grindstone Ventures is a post-seed fund that supports post-seed equity and quasi-equity investments in early-stage innovation-driven and/or technology companies.

OX Security

OX Security

OX is a DevOps software supply chain security solution. Teams can verify the integrity and security of every artifact using a pipeline bill of materials (PBOM).

PureSquare

PureSquare

PureSquare exist to empower people with simple solutions for their increasingly complex digital security & online privacy needs.

Sonar

Sonar

AI generated or written by humans, Sonar’s Clean Code Solutions cover your code quality needs, improving code reliability, maintainability, and security.