Cybersecurity & The New Space Race

Uploaded on 2023-02-23 in JOBS-Training, FREE TO VIEW

Promotion

While the term “space age” may have once conjured images of an “out there” intergalactic realm of spinning satellites gathering data – a world largely disconnected from our daily lives – times have changed. Satellites and terrestrial networks are nearly fully integrated, from telecommunications to GPS to reliable internet access in remote communities around the world.

In 2023, the space age is deeply connected to everything we do on land. How will this impact cybersecurity? According to Danny Palmer in an article for ZDNET, “satellites and space-based services that they provide are crucial to how we operate as a modern society.” A recent World Economic Forum article predicted that “future generations of smartphones…may well have satellite messaging capabilities for emergency communications where there is no terrestrial connectivity.”

The challenges faced by cybersecurity are no longer out of this world or even out of reach. They are stitched into the fabric of our daily routines, creating significant challenges for cybersecurity that Palmer predicts are, along with space-age technological innovations, “likely to grow.” If “cybersecurity in space is going to be arguably more important than it is on Earth,” how are industries and governments responding, and what does it mean that ensuring the security of the new space race may happen on the ground, and not in the sky?

Unique Vulnerabilities For Satellites

Until a decade ago, satellites weren’t launched by private companies, and the space race was largely the domain of governments, as well as a few select companies like Boeing and others, which were tightly contractually regulated. Computers and networks were not a part of the average person’s daily life, but now, appliances, laptops, smart watches, and other devices with connectivity are sold in the private sphere and used widely.

The explosion in private investments in space satellites and space technology from the commercial sector (Elon Musk, Jeff Bezos and Richard Branson, for example) has changed the cybersecurity landscape, creating unique and complex vulnerabilities. The complicated security aspect is often overlooked as there are no evolving standards nationally or internationally. Whereas satellites historically received data like TV signals from Earth and then amplified and mirrored them back to Earth, software-defined satellites can be reconfigured in space. While this increases vulnerability, it also means dynamic responses can be designed to respond to emergent threats.

Satellites are “more vulnerable than people realize,” according to an article by Brandon Bailey. As satellites have become “more digitized and software-driven, the attack, surface has expanded.” Just like the internet of things (IoT), an expanded surface area means more security risks, and satellites are a combination of embedded hardware and software operation in the physically isolated environment of space, which is already challenging to monitor or regulate. The more devices originate from more diverse sources, the more chances for sabotage. The fallout from an attack could be substantial and catastrophic. For example, blocking communications with a satellite could cut off vital communications and essential services – knocking out the electrical grid, for example, or allowing hackers to infiltrate other critical infrastructures on the ground, creating havoc and conflict on a wide scale.

As noted in IDST, because “the supply chain for hardware and software is depending on multiple component parts,” it makes security liability particularly complicated, especially when some of those parts are purchased overseas from different suppliers. “Where do the roles and responsibilities of hardware manufacturers, software developers, satellite manufacturers, operators and commercial users begin and end?” This will be an ongoing question as the space race develops.

Cyber-Resilience: The New Cyberecurity In Space

In addition to considering the traditional cybersecurity protocol of identity, protect, detect, recover, and respond, the new “cyber-resilient” definition also includes the ability to adapt, withstand, recover from, and adapt to stressors, attacks, or system compromises, some of which haven’t been seen before and cannot be anticipated until they occur.

Specifically, true cyber-resilience on spacecraft might require AI and/or other kinds of machine learning to build this necessary resilience.

Brad Stone, Booz Allen Hamilton’s CIO, states that, “for space cyber defense, you need to understand the mission, the ecosystem, and what threats make this environment different – whether in the systems themselves or the processes used to manage those systems.” A few points of emphasis: “location matters” as defense and intelligence space systems gather information using geographical coordinates. All connections within the “ecosystem” of satellites, ground systems, control centers, and connected devices must be checked, in addition to “ageing” software that leave potential weakness in supply chains and leave satellite systems open to attack; finally, jamming (OT attack) and pinging an uplink antenna (IT attack) – both strategies that attack the ground systems and not the satellites themselves – are an ongoing threat.

An article published by the World Economic Forum asks, “Will the battle for space happen on the ground?” This seems to be the most likely scenario, as space services have become more and more interdependent with networks on Earth. These services “support essential services such as military, utilities, aviation and emergency communications, and therefore get drawn into geopolitical conflicts on the ground. This was evident in February 2022, just as the Russian invasion of the Ukraine began, when satellite modems required a hard reset to repair compromised satellites in order to deliver vital communications to Ukrainian refugees in Slovakia.

According to RUSI (The Royal United Services Institute; the UK’s leading defense and security think tank), “It does sound a bit ‘Star Wars’ to say, but if you were to take control over a satellite, you could make it do what you want it to.”

Other threats include the possibility of planting an APT (Advanced Persistent Threat) into a satellite. Although anti-satellite weapons (ASAT) are limited in scope, with a handful of countries having orbital space capabilities, they remain real threats. In addition, regulatory frameworks have been unable to keep pace with technological evolution; hardware and satellite manufacturers, software developers, operators and commercial users must be in sync and close communication to offset cyber vulnerabilities. In other words, “security by obscurity” is no longer an option, because “as space systems have continued to grow in complexity, they are often perceived as a “black box” of poorly understood but interconnected space cyber. As private companies are increasingly involved in space technologies, the risk for criminal cyberattacks increases as well.

What Is The Role Of The U.S. Space Force?

The same cyber considerations that impact the private sector are also concerns for the Space Force, the United States’ new service about to enter its fourth year. To date, the military is one of the leaders of cybersecurity in space, planning initiatives across the space community to address cybersecurity for space systems, even in light of the absence of approved cybersecurity standards in this particular realm. With the goal of creating what’s known as “peace in orbit,” the new U.S. Space Force department is dealing with a primary battlespace that is not material, but digital, according to Josh Luckenbaugh, writing in National Defense.

Space Force, still only four years old, is concerned with how to assess cyber risks, as well as anticipate and prevent them in an ever-evolving environment. Lt. Gen. Stephen Whiting, quoted in an article from Space News, states that “the military is more comfortable dealing with physical security threats, whereas cybersecurity is a different problem that requires a nontraditional approach.” In order to increase knowledge of how to measure cyber risks, the Space Force is investing in defensive approaches to cybersecurity, versus just waiting to respond. Whiting goes on to explain that “the Space Force is now looking to add more squadrons of cyber specialists to support military units that operate communications, surveillance and navigation satellites.” Russia’s tactics in the Ukraine, when in February of 2022 they attempted to penetrate Ukrainian communications satellites in advance of the invasion underscore how these cyberweapons in space could be used to do terrible damage before, during and after on the ground conflicts.

Space Force operators recently participated in a new training exercise called “Black Skies,” overseen by STARCOM (Space Training and Readiness Command); this exercise allowed operators to experience “a mix of live fire and constructive” training. An upcoming “Red Skies” training will focus on orbital warfare to train soldiers on combatting threats in space, followed by other trainings to improve readiness and future cyber-resilience.

Cyber professionals have been commissioned directly into the Space Force industry, so one light at the end of this cybersecurity tunnel is yet more employment opportunities in the field of cybersecurity for trained professionals. Space Force will also seek to collaborate with industry partners, “setting up a commercial front door at Space Systems Command.”

See What CYRIN Can Do

At CYRIN we know that as technology changes, a cybersecurity professional needs to develop the skills to evolve with it. We continue to evolve and develop solutions with “hands-on” training and our courses teach fundamental solutions that integrate actual cyber tools from CYRIN’s labs that allow you to practice 24/7, in the cloud, no special software required.

These tools and our virtual environment are perfect for a mobile, remote work force. People can train at their pace, with all the benefits of remote work, remote training, and flexibility. Cyber is a team effort; to see what our team can do for you take a look at our course catalog, or better yet, contact us for further information and your personalized demonstration of CYRIN

Take a test drive and see for yourself!

You Might Also Read: 

The Back Door Threat To Cybersecurity:

 

« European & American Hackers Attack China
Cyber Security Strategies Need To Evolve Alongside The Enterprise »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Clearpath Solutions Group

Clearpath Solutions Group

Clearpath Solutions Group expertise covers virtualization and data storage technologies, networking, security and cloud computing.

Infiltrate

Infiltrate

INFILTRATE is a deep technical conference that focuses entirely on offensive security issues.

Yubico

Yubico

Yubico sets new global standards for simple and secure access to computers, mobile devices, servers, and internet accounts.

CSIS Security Group

CSIS Security Group

CSIS provide actionable threat intelligence, prevention, incident response and 24/7 managed security services.

Ivanti

Ivanti

Ivanti provide user-centered IT solutions designed to increase user productivity while reducing IT security risk.

LIFARS

LIFARS

LIFARS is a global leader in Digital Forensics and Cyber Resiliency Services.

Kingsley Napley

Kingsley Napley

Cyber crime is an area of growing legal complexity. Our team of cyber crime lawyers have vast experience of the law in this area.

oneM2M

oneM2M

oneM2M is a global organization creating a scalable and interoperable standard for communications of devices and services used in M2M applications and the Internet of Things.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Sectyne

Sectyne

Sectyne is a full-stack cyber consultancy committed to providing tailored services, advisory consultations, and training.

Vectra AI

Vectra AI

Vectra threat detection & response - see and stop threats across hybrid and multi-cloud enterprises.

Vircom

Vircom

With a large majority of cyber attacks starting with email, Vircom provides protection against the worst email security threats to your business.

Seraphic Security

Seraphic Security

Seraphic Security provides attack protection to enable safe browsing for employees or contractors, as well as advanced governance controls to enforce enterprise policies across devices.

ThreatFabric

ThreatFabric

ThreatFabric integrates industry-leading threat intel, behavioral analytics, advanced device fingerprinting and over 10.000 adaptive fraud indicators.

Dion Training Solutions

Dion Training Solutions

Dion Training Solutions offer comprehensive training in areas such as project management, cybersecurity, agile methodologies, and IT service management.

Forensic IT

Forensic IT

Forensic IT is a specialised cyber security firm with expertise in Digital Forensics and Incident Response (DFIR).