Space: The Last Cybersecurity Frontier?

Brought to you by CYRIN

Cybersecurity has truly entered a new era and a new frontier - space. David Gilbert, writing in Wired, reports that “the U.S. military recently launched a groundbreaking initiative to strengthen ties with the commercial space industry.” According to the Department of Defense, the goal of this new partnership between government and private contractors, the Commercial Augmentation Space Reserve (CASR), is to enhance U.S. national security and the country’s “competitive advantage in space.”

Space is a growing part of the critical infrastructures in the world, and the risks of cyberattacks on satellites have increased, with commercial spacecraft and military communications at risk of being dangerously compromised.

There have been a number recent attacks that have shifted the focus to cybersecurity in space: The 2022 Viasat KA-SAT attack, attributed to Russian hackers, caused widespread Internet outages and disruptions in remote sensing services across Ukraine and other parts of Europe. The 2022 intrusion into SpaceX’s Starlink terminals highlighted the sophistication of cyberattacks against satellite systems. Attackers exploited a vulnerability in the satellites’ communication system, demonstrating the need for stronger encryption and more secure software. “Although SpaceX swiftly addressed the vulnerability in its system, the incident highlighted the potential for more clever attacks that could disrupt critical infrastructure and services in the future.”

In these cases, services were severely disrupted, but there are other possible attacks that would have more severe consequences; for example, anti-satellite (ASAT) weapons are specifically designed to compromise or even destroy spacecraft. But more often than not, cyberattacks can be carried out in ways that are cheaper, quicker, and more difficult to trace.

This strategic shift with CASR by the Department of Defense is being done to encourage more global companies to participate. The hope is that the supply chain for the US military will move from a restricted pool of commercial suppliers to a broader spectrum of partners. This could complicate the choice of security systems; commercial components may be more advanced, but their vulnerabilities may be unknown. Other issues include making sure standards are upheld consistently across systems, both commercial and military. However, the U.S. military believes that CASR will give it advanced strategic capabilities, and that potential risks can be minimized by actively avoiding overreliance on any single commercial entity.

What is the future of cybersecurity in space?

A recent story on GovTech talks about a new report called Outer Space Cyberattacks, from California Polytechnic State University's Ethics + Emerging Sciences Group think tank, and it highlights different manners and motivations for cyberattacks in space. It also includes a tool that can help cybersecurity teams create hypothetical threat scenarios. Technologies and threats are constantly evolving, and as such it's important to consider a wide variety of hypothetical near-and far-future concerns. This can help shape space cybersecurity policies that remain relevant long term. The report authors write that “Outer space is the next frontier for cybersecurity.” This is primarily because so much of satellite/space revolves around safeguarding technologies that are essential to modern life: weather forecasts, navigation services for vehicles, support for credit card processing and more.

The report goes on to say that maintaining up to date cybersecurity protocols is vital but “especially difficult.” Potential vulnerabilities in the supply chain and third-party risks remain crucial as well. And it’s not just human actors and cybercriminals that’s a problem in space. Solar flares are becoming more problematic, and space radiation could cause “bit flips - turning 1s into 0s, and vice versa - that corrupt the storage of cryptographic keys onboard, which could cause a valid credential to cease working and deny access.”

According to Booz Allen Hamilton, the threats in space are many, including: the technology of rival nations, outdated systems (designed before space was a viable or contested domain); increased connectivity, which creates a larger attack surface and more potential vulnerabilities. As Brad Stone, Booz Allen’s chief information officer says, “For space cyber defense, you need to understand the mission, the ecosystem, and what threats make this environment different—whether in the systems themselves or the processes used to manage those systems.” According to Booz Allen, a crucial part of this challenge will be a migration to “open systems architecture” that will serve as the “intersection of cybersecurity and space security.” All space systems will also require safeguards such as “zero-trust architectures, secure cloud environments with continuous monitoring and interoperability over simplified networks.” This and more will be a part of the next stage of cybersecurity in the wide world of space.

The next steps for robust cybersecurity in space

Sylvester Kaczmarek, reporting for Scientific American, states that one of the most pressing issues for satellites is, “a necessity for global security and reliability.” Satellites are a part of many aspects of modern life, including “navigation, communication and commerce.” Cyberattacks could seriously jeopardize our increasingly interconnected world. Satellites have evolved significantly since the Sputnik of 1957 and play a “critical role” in connectivity and therefore, security, across the globe. They are responsible for GPS, Internet access, international defense systems, global environmental monitoring and are therefore potential crucial targets for cyberattacks. In 2021, it was estimated that the “space economy” was $386 billion and growing. In such a high-profile market, the importance of protecting satellites against cyberthreats cannot be overstated.

As noted on GovTech, satellite security is increasingly important, and multilayered consisting of the technology on the ground, the equipment in orbit and the tech providing communication linkage between the two. The ground side involves systems for processing data and disseminating information. Ensuring that hackers cannot penetrate these systems means “communication between instruments in orbit and the ground systems must be encrypted and safeguarded against attacks like jamming or spoofing.” The other problem is that equipment in space could be there for 15 years or more, and technological advances during that period could make obsolescence in the satellite a serious concern.

Chuck Brooks, reporting for Forbes, makes clear the growing concerns around security for satellites. He writes that “due to the falling cost of space access and the growing financial possibilities in the space industry, cybercrime against space systems is becoming more prevalent, which presents a great problem. Because of the dramatic increase in the volume of data arriving from satellites, concerns have been raised about the security and integrity of data transport and storage between satellites and ground systems.” Addressing these vulnerabilities in a consistent, multi-faceted approach remains crucial.

Also, according to Forbes, is the sheer number of satellite launches in the last few years. Thousands of satellites are in low Earth orbit, making them susceptible to above- and below-earth intrusions. Many communication networks are currently switching from terrestrial (land-based) to cloud-based communications due to the ability of satellites to transfer data over enormous, global distances. By 2030, it’s estimated that “25,000 satellites carrying over 500,000 petabytes of data will be launched.” This can only increase the attack surface of space and the ensuing security concerns this will create.

DarkReading also took a look at the ‘Outer Space Cyberattacks’ study done by the researchers at Cal Poly and focused on another aspect of the 95-page report. Their concern, like Forbes, was that a driver of cyber threats was how many assets have been put into space: “the rapid congestion of outer space in recent years as the result of nations and private companies racing to deploy space technologies.”

As the report notes, the number of registered objects in space - most of which are satellites - has been climbing at an astonishing pace recently after holding steady at around 150 new objects per year between 1965 and 2012. In the last two years that number stood at 2,600 new objects on average each year. The remoteness — and vastness of space — also makes it more challenging for stakeholders - both government and private - to address vulnerabilities in space technologies. There are numerous objects that were deployed into space long before cybersecurity became a mainstream concern that could become targets for attacks. Even today, “as crazy as it sounds, satellites are still being launched with no cybersecurity, such as CubeSats that are popular with university labs and others for their inexpensive cost to build and launch," the report noted. "They typically have neither the onboard room to squeeze in cybersecurity components nor the budget for it anyway."

Government response to cybersecurity in space

The military is a primary mover in helping to fortify cybersecurity in space and make it cyber resilient with the ability to protect assets, materials, and information. In a recent AFCEA Signal article, Kimberly Underwood noted the ways in which the military is strengthening cyber assets for the next generation. The new “Space Force” service will cultivate what it refers to as “cyber warriors” that will expand security “missions and operations.” The Space Force is concerned with providing security for early warning systems; intelligence, surveillance and reconnaissance satellites; nuclear command and control systems; weapons delivery platforms; satellite communications capabilities; GPS; and other systems. Moreover, adversaries are acutely aware of U.S. reliance on space and have made U.S. high-value, high-priority space systems a prime target.

In defense of the increasingly diverse and complicated cyber terrain, the Space Force intends to “deliberately develop” these cyber warriors throughout the course of their miliary careers to achieve distinct proficiency levels, labeled as basic, senior and master, which will reflect their demonstrated level of competency.

Space, indeed, is the new, exciting and unknown frontier for cybersecurity, and it will require the cooperation of government, and the private and public sectors to ensure a cybersafe future in the years ahead.


How can CYRIN help?

As noted in Wired, being able to act across the commercial and defense sectors will require key skills—one of which is being informed and educated on cybersecurity. Whether it’s in space, on the ground or points in-between, at CYRIN we know that training and education is critical when it comes to cybersecurity. Training or lack of it will have consequences. Government, education, industry, basically all parties to the situation can become part of the solution.

We continue to work with our industry partners to address major challenges including incident response, ransomware, and phishing and set up realistic scenarios that allow them to train their teams and prepare new hires for the threats they will face. Government agencies have been using CYRIN for years, training their front-line specialists on the real threats faced on their ever-expanding risk surface.

For educators, we consistently work with colleges and universities both large and small to create realistic training to meet the environment students will encounter when they graduate and enter the workforce.

In an increasingly digitized world, training, and experiential training is critical. Unless you get the “hands-on” feel for the tools and attacks and train on incident response in real world scenarios, you just won’t be prepared for when the inevitable happens. A full-blown cyberattack is not something you can prepare for after it hits.

The best time to plan and prepare is before the attack. Our training platform teaches fundamental solutions that integrate actual cyber tools from CYRIN’s labs that allow you to practice 24/7, in the cloud, no special software required. Our new programs, including Digital Twins, can create real-world conditions for you to practice before you must act. Cyber is a team effort; to see what our team can do for you take a look at our course catalog, or better yet, contact us for further information and your personalized demonstration of CYRIN. Take a test drive and see for yourself!
 


You Might Also Read: 

Cyber Insurance: The Cost Of Doing Business:  

Image: Unsplash


If you like this website and use the comprehensive7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

 

« Britain Convenes An International Cyber Skills Conference
US Healthcare Firm Loses 22GB of Data »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Continuity Shop

Continuity Shop

Continuity Shop provides training and consultancy in Business Continuity and Information Security to some of the world's biggest organisations.

CEPS

CEPS

CEPS is a leading think tank and forum for debate on EU affairs, ranking among the top think tanks in Europe. Topic areas include Innovation, Digital economy and Cyber-security.

Ubisecure

Ubisecure

Ubisecure provide Identity & Access Management solutions.

Falanx Cyber

Falanx Cyber

Falanx Cyber provides enterprise-class cyber security services and solutions. We deliver end-to-end cyber capabilities, either as specific engagements or as fully-managed services.

Regulus Cyber

Regulus Cyber

Regulus enables drones, robots and autonomous vehicles to operate safely, without malicious or accidental interference to the operation of their mission.

Matta

Matta

Matta is a cyber security consulting company providing information security services and solutions including vulnerability assessments, penetration testing and emergency response.

Wüpper Management Consulting (WMC)

Wüpper Management Consulting (WMC)

Specialized in compliance, risk management and holistic information security WMC GmbH has longtime implementation experience in global projects.

Information & eGovernment Authority (iGA) - Bahrain

Information & eGovernment Authority (iGA) - Bahrain

The Information & eGovernment Authority facilitates many services catering to different parts of the community within the IT sector in Bahrain including information security.

ubirch

ubirch

The ubirch platform is designed to ensure that IoT data is trustworthy and secure.

Point Predictive

Point Predictive

Point Predictive build Predictive Models using Artificial Intelligence and Machine Learning techniques that help our customers stop fraud and early payment default (EPD).

ditno

ditno

ditno uses machine learning to help you build a fully governed and micro-segmented network. Dramatically mitigate risk and prevent lateral movement across your organisation – all from one centralised

TRU Staffing Partners

TRU Staffing Partners

TRU Staffing Partners is an award-winning contract staffing and executive search firm for cybersecurity, eDiscovery and privacy companies and professionals.

Nitrokey

Nitrokey

Nitrokey is the world-leading company in open source security hardware. Nitrokey develops IT security hardware for data encryption, key management and user authentication.

Ross & Baruzzini

Ross & Baruzzini

Ross & Baruzzini delivers integrated technology, consulting, and engineering solutions for safe, sustainable, and resilient facilities.

ExtraHop

ExtraHop

ExtraHop's dynamic cyber defense platform uses cloud-scale AI to help enterprises detect and respond to advanced threats - before they compromise your business.

Lightpoint Global

Lightpoint Global

Lightpoint Global is a bespoke software development company. We also provide a spectrum of services such as IT consulting, business analysis, QA and testing, and DevOps services.