Cybersecurity & The New Space Race

Uploaded on 2023-02-23 in JOBS-Training, FREE TO VIEW

Promotion

While the term “space age” may have once conjured images of an “out there” intergalactic realm of spinning satellites gathering data – a world largely disconnected from our daily lives – times have changed. Satellites and terrestrial networks are nearly fully integrated, from telecommunications to GPS to reliable internet access in remote communities around the world.

In 2023, the space age is deeply connected to everything we do on land. How will this impact cybersecurity? According to Danny Palmer in an article for ZDNET, “satellites and space-based services that they provide are crucial to how we operate as a modern society.” A recent World Economic Forum article predicted that “future generations of smartphones…may well have satellite messaging capabilities for emergency communications where there is no terrestrial connectivity.”

The challenges faced by cybersecurity are no longer out of this world or even out of reach. They are stitched into the fabric of our daily routines, creating significant challenges for cybersecurity that Palmer predicts are, along with space-age technological innovations, “likely to grow.” If “cybersecurity in space is going to be arguably more important than it is on Earth,” how are industries and governments responding, and what does it mean that ensuring the security of the new space race may happen on the ground, and not in the sky?

Unique Vulnerabilities For Satellites

Until a decade ago, satellites weren’t launched by private companies, and the space race was largely the domain of governments, as well as a few select companies like Boeing and others, which were tightly contractually regulated. Computers and networks were not a part of the average person’s daily life, but now, appliances, laptops, smart watches, and other devices with connectivity are sold in the private sphere and used widely.

The explosion in private investments in space satellites and space technology from the commercial sector (Elon Musk, Jeff Bezos and Richard Branson, for example) has changed the cybersecurity landscape, creating unique and complex vulnerabilities. The complicated security aspect is often overlooked as there are no evolving standards nationally or internationally. Whereas satellites historically received data like TV signals from Earth and then amplified and mirrored them back to Earth, software-defined satellites can be reconfigured in space. While this increases vulnerability, it also means dynamic responses can be designed to respond to emergent threats.

Satellites are “more vulnerable than people realize,” according to an article by Brandon Bailey. As satellites have become “more digitized and software-driven, the attack, surface has expanded.” Just like the internet of things (IoT), an expanded surface area means more security risks, and satellites are a combination of embedded hardware and software operation in the physically isolated environment of space, which is already challenging to monitor or regulate. The more devices originate from more diverse sources, the more chances for sabotage. The fallout from an attack could be substantial and catastrophic. For example, blocking communications with a satellite could cut off vital communications and essential services – knocking out the electrical grid, for example, or allowing hackers to infiltrate other critical infrastructures on the ground, creating havoc and conflict on a wide scale.

As noted in IDST, because “the supply chain for hardware and software is depending on multiple component parts,” it makes security liability particularly complicated, especially when some of those parts are purchased overseas from different suppliers. “Where do the roles and responsibilities of hardware manufacturers, software developers, satellite manufacturers, operators and commercial users begin and end?” This will be an ongoing question as the space race develops.

Cyber-Resilience: The New Cyberecurity In Space

In addition to considering the traditional cybersecurity protocol of identity, protect, detect, recover, and respond, the new “cyber-resilient” definition also includes the ability to adapt, withstand, recover from, and adapt to stressors, attacks, or system compromises, some of which haven’t been seen before and cannot be anticipated until they occur.

Specifically, true cyber-resilience on spacecraft might require AI and/or other kinds of machine learning to build this necessary resilience.

Brad Stone, Booz Allen Hamilton’s CIO, states that, “for space cyber defense, you need to understand the mission, the ecosystem, and what threats make this environment different – whether in the systems themselves or the processes used to manage those systems.” A few points of emphasis: “location matters” as defense and intelligence space systems gather information using geographical coordinates. All connections within the “ecosystem” of satellites, ground systems, control centers, and connected devices must be checked, in addition to “ageing” software that leave potential weakness in supply chains and leave satellite systems open to attack; finally, jamming (OT attack) and pinging an uplink antenna (IT attack) – both strategies that attack the ground systems and not the satellites themselves – are an ongoing threat.

An article published by the World Economic Forum asks, “Will the battle for space happen on the ground?” This seems to be the most likely scenario, as space services have become more and more interdependent with networks on Earth. These services “support essential services such as military, utilities, aviation and emergency communications, and therefore get drawn into geopolitical conflicts on the ground. This was evident in February 2022, just as the Russian invasion of the Ukraine began, when satellite modems required a hard reset to repair compromised satellites in order to deliver vital communications to Ukrainian refugees in Slovakia.

According to RUSI (The Royal United Services Institute; the UK’s leading defense and security think tank), “It does sound a bit ‘Star Wars’ to say, but if you were to take control over a satellite, you could make it do what you want it to.”

Other threats include the possibility of planting an APT (Advanced Persistent Threat) into a satellite. Although anti-satellite weapons (ASAT) are limited in scope, with a handful of countries having orbital space capabilities, they remain real threats. In addition, regulatory frameworks have been unable to keep pace with technological evolution; hardware and satellite manufacturers, software developers, operators and commercial users must be in sync and close communication to offset cyber vulnerabilities. In other words, “security by obscurity” is no longer an option, because “as space systems have continued to grow in complexity, they are often perceived as a “black box” of poorly understood but interconnected space cyber. As private companies are increasingly involved in space technologies, the risk for criminal cyberattacks increases as well.

What Is The Role Of The U.S. Space Force?

The same cyber considerations that impact the private sector are also concerns for the Space Force, the United States’ new service about to enter its fourth year. To date, the military is one of the leaders of cybersecurity in space, planning initiatives across the space community to address cybersecurity for space systems, even in light of the absence of approved cybersecurity standards in this particular realm. With the goal of creating what’s known as “peace in orbit,” the new U.S. Space Force department is dealing with a primary battlespace that is not material, but digital, according to Josh Luckenbaugh, writing in National Defense.

Space Force, still only four years old, is concerned with how to assess cyber risks, as well as anticipate and prevent them in an ever-evolving environment. Lt. Gen. Stephen Whiting, quoted in an article from Space News, states that “the military is more comfortable dealing with physical security threats, whereas cybersecurity is a different problem that requires a nontraditional approach.” In order to increase knowledge of how to measure cyber risks, the Space Force is investing in defensive approaches to cybersecurity, versus just waiting to respond. Whiting goes on to explain that “the Space Force is now looking to add more squadrons of cyber specialists to support military units that operate communications, surveillance and navigation satellites.” Russia’s tactics in the Ukraine, when in February of 2022 they attempted to penetrate Ukrainian communications satellites in advance of the invasion underscore how these cyberweapons in space could be used to do terrible damage before, during and after on the ground conflicts.

Space Force operators recently participated in a new training exercise called “Black Skies,” overseen by STARCOM (Space Training and Readiness Command); this exercise allowed operators to experience “a mix of live fire and constructive” training. An upcoming “Red Skies” training will focus on orbital warfare to train soldiers on combatting threats in space, followed by other trainings to improve readiness and future cyber-resilience.

Cyber professionals have been commissioned directly into the Space Force industry, so one light at the end of this cybersecurity tunnel is yet more employment opportunities in the field of cybersecurity for trained professionals. Space Force will also seek to collaborate with industry partners, “setting up a commercial front door at Space Systems Command.”

See What CYRIN Can Do

At CYRIN we know that as technology changes, a cybersecurity professional needs to develop the skills to evolve with it. We continue to evolve and develop solutions with “hands-on” training and our courses teach fundamental solutions that integrate actual cyber tools from CYRIN’s labs that allow you to practice 24/7, in the cloud, no special software required.

These tools and our virtual environment are perfect for a mobile, remote work force. People can train at their pace, with all the benefits of remote work, remote training, and flexibility. Cyber is a team effort; to see what our team can do for you take a look at our course catalog, or better yet, contact us for further information and your personalized demonstration of CYRIN

Take a test drive and see for yourself!

You Might Also Read: 

The Back Door Threat To Cybersecurity:

 

« European & American Hackers Attack China
Cyber Security Strategies Need To Evolve Alongside The Enterprise »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Security Weekly

Security Weekly

Security Weekly provides free content within the subject areas of IT security news, vulnerabilities, hacking, and research.

Quantivate

Quantivate

Quantivate is a provider of web-based Governance, Risk, and Compliance (GRC) software and service solutions.

Cybernetica

Cybernetica

Cybernetica is an ICT company with activities in e-government, marine comms, data analysis and research in information security technologies.

Fox-IT

Fox-IT

Fox-IT prevents, solves and mitigates the most serious cyber threats with smart solutions for governmental bodies, defense, law enforcement, critical infrastructure, banking and large enterprises.

Infosec Train

Infosec Train

Infosec Train provide professional training, certifications & professional services related to all spheres of Information Technology and Cyber Security.

Bessemer Venture Partners (BVP)

Bessemer Venture Partners (BVP)

Bessemer Venture Partners was born from innovations that literally forged modern building and manufacturing. Today, our team of investors works with people who want to create revolutions of their own.

Infosec Global

Infosec Global

Infosec Global provides technology innovation, thought leadership and expertise in cryptographic life-cycle management.

HancomWITH

HancomWITH

Hancomwith is an information security company. We provide optimized blockchain solutions in areas including next-generation authentication, security and digital asset transaction.

JFrog

JFrog

JFrog is on a mission to enable continuous updates through Liquid Software, empowering developers to code high-quality applications that securely flow to end-users with zero downtime.

xorlab

xorlab

xorlab is a Swiss cybersecurity company providing specialized, machine-intelligent defense against highly engineered, sophisticated and targeted email attacks.

NGN International

NGN International

NGN International is a full-fledged systems integrator and managed security services provider established in 2015 in Bahrain.

Xmirror Security

Xmirror Security

Xmirror Security focuses on integrated detection and defense of the continuous threat to the DevSecops software supply-chain with artificial intelligence technology as the core.

HashiCorp

HashiCorp

At HashiCorp, we believe infrastructure enables innovation, and we are helping organizations to operate that infrastructure in the cloud.

ConductorOne

ConductorOne

ConductorOne is building the identity security platform for the modern workforce.

Amplix

Amplix

In the race to create value for your enterprise, Amplix is your best asset for making technology decisions and optimizing your IT infrastructure, cloud usage, and security posture.

Driven Technologies

Driven Technologies

Driven is a cloud native service provider transforming the way companies leverage technology to improve business by securing, modernizing, and connecting applications, users, and data.