Impact of Satellites on Cyber Threats

Technology has experienced an exponential growth beyond the imaginations of most of us. It’s part and parcel of our daily lives. This evolution has led to an even heavier dependence on space assets, such as satellites, ground stations, space crafts, navigation ad meteorological satellites. Our critical infrastructure depend on these assets as well. Unfortunately, these assets are either unprotected or have minimal protection against the war waging against us; cyber-war. For example, even though several of our Department of Defense constellations rely on encrypted transmissions emanating from the ground-control segment to the spacecraft, they are inadequately protected. Defense-in-depth is non-existent. Need to know or least permissions, intrusion detection, intrusion prevention, and recovery, should an attacker manage to circumvent the encryption are not in place. The most prominent potential ingress for a cyber-attack against such a system is the ground-control station. Non-governmental space activities use cutting-edge technologies and produce valuable data and are, thus, targets for cyber espionage, including economic cyber espionage, and cybercrime. Cybersecurity and space security are intimately linked. With the up-rise capabilities and growing dependence on satellites, their vulnerability is fast becoming apparent, although they have been overlooked for years. This paper discusses cyber threats associated with space assets with an emphasis on satellites; the importance of satellites and cyber threats faced.

“As if we don’t have enough threats here on Earth, we need to look to the heavens — threats in space,”

–          Daniel Coats, the director of national intelligence

Space systems can be defined as “the devices and organizations forming the space network.” (King, et al). Some of these are satellites, Global Positioning Systems (GPS), ground stations, space infrastructure, spacecraft, user terminals, launch systems, space surveillance tools and computer systems. Without space systems, satellites will not be able to orbit the earth at different altitudes and angles, global communications, airplanes, maritime, financial services, weather, environmental monitoring and defense systems will not be a reality. U.S. military forces will have a substantial reduction in operations in country and across the globe. Law makers will not be able to make informed decisions about issues surrounding our nation’s security, financial, economic, civil, and communications standing. In our world today, space is the new platform to carry out research and find answers to questions and issues we have left unanswered for decades.  Exploration by spacecraft and robots have been this a reality. “Our space capabilities are a source of national pride and an investment in the science and research and development needed to maintain U.S. global competitiveness.” (“Space Systems – Aerospace Industries Association,” 2017).Without a doubt, space assets are vital assets! The many fundamental systems on which our way of life depends and function. Compromising these systems could spell immediate disaster for the entire universe. Space assets have been classified as the main warfare deterrence to keep the United States, its allies and foes relatively peaceful and prosperous. Furthermore, space systems help in the execution of vital information and keep our 16 critical infrastructures coordinated. In the financial sector, stock market transactions are synched to facilitate global trade. Added to the above, “global navigation services, such as GLONASS and GPS that are used for trans-oceanic shipping and in daily civilian travel depend on these vulnerable assets.” (Hutchins, n.d.).Space systems, such as the Air Force Satellite Control Network, and NASA’s Deep Space and Near Earth Networks comprise a space segment and a ground segment, respectively. The former generally consists of satellites in orbit. The latter is a set of geographically distributed stations with powerful satellite communications equipment that sends and receives command and control telemetry data.

This rapid evolution of technology has made it almost impossible to have a timely response in place for threats.  To an extent, millennials utilize digital gadgets in ways that make it challenging for generation X and baby boomers to keep up. With a majority of our decision makers being in the latter category, they are having a hard time understanding the scope of the threats. Digital ageing is at war with legacy systems. An attacker can compromise the confidentiality, integrity, or availability of a satellite through vulnerabilities in its mobile and stationary ground segment components (satellites must accept communications including command and control information from the ground segment), compromising the ground segment may enable an attacker to take control of a satellite completely. This threat is particularly potent if there is a single bus architecture type for all types of telemetry received by the satellite, where different components are linked by one bus.

Why the need to defend and protect our space assets? Cyber defense of space assets is considered a top priority by the United States military. Space assets for a long time, have been left bereft of security measures against cyber-attacks. The focus of security in space assets is most of the time based on strong boundary protection in the ground segment with encryption in place to protect communications with the satellites. Space assets in general are designed with few if any cyber defenses. If an adversary were able to gain access to the ground segment, there are often few or no protections to prevent them from directly controlling the asset. Moreover, given the remoteness and lack of physical access to space assets, the domain represents one of a kind challenge. For instance, satellite firmware updates that may require more than a single fly-by can only be done when the satellites are visible to ground stations. A firmware update that should be directed to several satellites may end up being beamed to a single satellite across various passes over a ground station, before eventually being transmitted by that satellite to others.  It has been noted that security is rarely considered and incorporated into the build of satellites, which further compounds the issue. Closely linked to this, many of these aging satellites contain legacy code from a time before security was taken as seriously as it is today.

The tasks of securing outer space and cyberspace are converging. Our online activities depend on space-enabled communication and information services. The operation of satellites and other space assets relies on online connectivity.

  According to Les Johnson, in his book “Sky Alert! When Satellites Fail,” It is difficult

to find a realm of modern life that is untouched by GPS. Modern satellite reconnaissance is used for all aspects of military information gathering – detection and imaging of adversary command, mobilization, and training areas; tracking of ground forces, ships, and aircraft; and intercepting communications. Satellites have made it possible to monitor global climate patterns and changes using satellite remote sensing. Everything we have learned and continue to learn about the cycles that drive our climate change and our impact on the global ecosystem has come from observing satellites.

Space agencies, the satellite industry, cybersecurity researchers, nongovernmental bodies, and intergovernmental satellite organizations show increasing awareness of the space cybersecurity challenge. Josh Hartman, a former senior Pentagon official and Air Force officer, argued before the satellite industry’s first cybersecurity summit held in 2017 that, on cybersecurity, “most of the space community . . . has their heads in the sand.” The “attack surface” of space activities is expanding, but governments and industry are not taking adequate action (Digital and Cyberspace Policy Program, 2018).

The benefits of satellites have advanced and extended into several application areas. Satellites have not only given us accurate information on earth’s resources but have also given us accurate information to remote, isolated and deprived locations. In our healthcare industry, satellites are being used to teach and educate medical students in very remote areas. Distance learning is a reality anywhere and everywhere. In Razani’s book titled “Information, Communication and Space Technology,” he notes that satellite communications offer a distinct benefit over “terrestrial alternatives by being universal, versatile, reliable, seamless, fast expandable, and flexible.” (Razani, 2018, p. )

Protecting space activities requires understanding the particular cyber vulnerabilities that arise in various space operations. For example, satellite cybersecurity encompasses the satellite itself, transmissions to and from earth, and ground stations. Meteorological and observation satellites are used to observe weather as well as land and waters; communication and broadcasting satellites are used for the Internet and broadcasting; and positioning satellites are used to navigate aircrafts and ships. Our military are actively involved in outer space activities and utilize a variety of satellites. There is no concept of national borders in outer space, meaning that the utilization of satellites enables them to observe, communicate to, and position any area on earth. In January 2007, China conducted an Anti-Satellite (ASAT) test to destroy its aging satellite with a missile launched from the Earth’s surface. The resulting space debris3 was spread across the satellite’s orbit, which was noted as a threat against space assets such as satellites owned by countries. Since existing frameworks, including the “Outer Space Treaty” that prescribed the peaceful use of outer space, do not have provisions on avoiding the destruction of space objects and actions triggering debris, among others, in addition to threats posed by anti-satellite weapons and space debris on space assets.

Geopolitical competition among nations stimulates the militarization of space, this in turn spurs them on to devise cyber espionage, interference, and attack strategies against rivals’ space operations. China is suspected of engaging in cyber operations against U.S. satellites. Research has shown Chinese military writings emphasize the need to target U.S satellites to “blind and deafen the enemy.” In 2016, General John E. Hyten, commander of the Air Force Space Command, briefed Congress. He stated that “adversaries are developing cyber tools to deny, degrade, and destroy” U.S. space capabilities that support war fighting, critical infrastructure, and economic activity.

The assets possessed by the United States of America are so destructive they could render vast portions of the earth uninhabitable for centuries. Unfortunately, with this power comes the onus of a responsibility to ensure that these assets are always available, that they are without any issues, and most importantly, that they are never in danger of unauthorized use by a malicious attackers or nation states with ulterior motives.

Consider this: “The Iridium satellite network consists of 66 active satellites in low Earth orbit. Developed by Motorola for the Iridium Company, the network offers voice and data communications for satellite phones, pagers, and integrated transceivers around the world. The largest user of the Iridium network is the Pentagon. The major problem, ‘isn’t that Iridium has poor security. It’s that it has no security.” -J. M. Porup, It’s surprisingly simple to hack a Satellite. The Iridium satellite network was developed in the 1980s but unfortunately was already obsolete by the time it was launched. For a very long time, satellite developers believed that satellites in space would be too difficult to hack, regardless of the software capabilities of an adversary. It was hard to grasp what has today become a part and parcel of our lives. Research has shown several industrial groups across continents are seeking to perform interesting space science experiments. The Department of Defense is looking to employ massive fleets of small, inexpensive satellites for space situational awareness, as well as orbital debris tracking and cleanup.

The concern always with these is that security is an afterthought.  In today’s competitive environment, where being the first to market usable innovative technology means the difference between surviving and caving in, security concerns are often brushed aside. In the rush to get products to market, designers and manufacturers often skip or pay only passing attention to important security controls. This is already causing immense concern for machine designers, manufacturers, and insurance companies. With the impending proliferation of small satellites and the importance of the missions for which they depend, this could mean a disaster that affects the lives of people as well as the safety of other space assets, which may be a combination of expensive, irreplaceable, vital to national security, or vital to quality of life. Advanced Persistent Threats (APTs) are most often used to exfiltrate vital information from a business or government target over a long period of time. In the space domain, NASA has been a primary target over and over again for APTs aimed at cyber espionage. Given NASA’s status as the most advanced space program in the world, certain specific foreign governments have strong motivation to steal intellectual property from NASA. Stealing these highly valued intellectual property prevents a county from spending billions of dollars for research and development.  Consequently, Red October and Cloud Atlas hackers are hard at work developing cyber espionage APTs. Of note, Chinese hackers have used such remote access toolkits to steal the plans for advanced US weapons systems, including: the F-35 Joint Strike Fighter, the FA-18, the Patriot Missile System, RQ-4 Global Hawk drones, the P-8 Poseidon Reconnaissance Aircraft, the UH-60 Blackhawk helicopter, the littoral combat ship, the Aegis Ballistic Missile Defense System, and the Army’s Terminal High Altitude Area Defense (THAAD) Missile Defense System. They have also used these APTs to attack the United States Transportation Command, one of the ten unified commands of the Department of Defense responsible for moving US troops and military equipment around the world.

In its FY2018, SOC audit report, NASA indicated some of its shortfalls, one being it was not well positioned to meet current and future needs.  NASA drove home the direness of the situation in their FY 2012 Security Audit Report. (“Audit of NASA’s Security Operations Center,” n.d.)

Cyber threats for space-based systems in general and satellites in particular take many forms. While one attack might involve jamming, spoofing, or hacking of communications or navigational networks, another might target or hijack control systems or specific electronics for missions, shutting down satellites, altering their orbits, or “grilling” their solar cells through deliberate exposure to damaging radiation. Still another might strike at satellite control centers on the ground.

As in other areas of cyber conflict, players and motivations abound. States or non-state actors could use such attacks to create military advantages in space prior to or during a war. Government agencies or corporations with sufficient computing power to crack encryption codes could use cyber-attacks on satellite systems to steal strategic quantities of intellectual property. Well-resourced criminal organizations could steal significant amounts of financial information and funds. Groups or even governments could initiate catastrophic levels of satellite run-ins with space debris, perhaps even causing a cascade of collisions, known as the Kessler Effect. This could be used to deny other nations the use of space. 

Perhaps the most worrying vulnerabilities involve satellite-enabled navigational systems. Many such systems have been developed, but the most widely used is the Global-Positioning System commonly known as GPS. Much of the world’s infrastructure relies on this system, yet it was not originally intended for civilian use, and therefore not designed with security in mind. A successful spoofing cyber-attack could introduce erroneous timing signals, which are used for determining precise locations. This has been making the news headlines lately. For instance, if aimed at a power grid, this type of attack will result in calamitous overloads, leading to cascading equipment failures and even major blackouts. In 2016, “ when 15 satellites accidentally broadcast signals that were inaccurate by 13 microseconds, telecom companies using Chronos GPS services were hit with 12 hours of thousands of system errors.” (Lewis, & Livingstone, 2016)

Cyber-attacks on satellites have the potential to undermine the integrity of strategic-weapons systems overall and destabilize deterrence relationships. Should a  military crisis hit, the potential for cyber-attacks could cast doubt on intelligence and increase the risk of misperception, as well as threaten missile systems, both strategic and tactical, which rely on satellites and the space infrastructure for navigation and targeting, command and control, operational monitoring, and other functions. Because cyber technologies are within the grasp of most states and non-state actors, they level the strategic field and create hitherto unparalleled opportunities for small aggressive governments to instigate high-impact attacks.

A big concern with all of this is the now popular internet of things. As satellites and satellite constellations continue to grow in number—a very good thing in terms of human connectedness, scientific research, and space exploration, the exponential growth of technology and our heavy reliance on these fast smart gadgets is serving as the gateway for cyber-attacks. 

The international supply chain of satellite components, with the associated uncertainties about provenance and standards of production, along with back-door holes in encryption, is increasingly hard to regulate. The costs associated with cyber security, in both software and hardware, are rising, and in low-cost space missions where the commercial price of implementing security measures rivals the value of the mission, the temptation to neglect them and hope for the best is high.

 So what are we as a nation doing to reduce risks and build resilience in cyber space? In my opinion, there isn’t a one-size fit all solution to this. At the May 2018, tech expo held in Pasadena, CA, David Davis, chief systems engineer for the Air Force Space and Missile Systems Center summed it up.  “The technical practices we employ today will continue to drive high costs.” Manufacturing these satellites with the right security in place right from scratch may cost us a little now, and keep our satellites and space assets safe in the long term. Gen. Joseph Dunford, the chairman of the Joint Chiefs of Staff has assured us we can expect the best. Going forward, we as a nation “have started to invest in a category we call ‘space resilience,’ which is a variety of things.”

References

• Application of a robust control algorithm for satellite cyber-security and system resilience – IEEE Conference Publication. (n.d.). Retrieved from https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7943903
• AUDIT OF NASA’S SECURITY OPERATIONS CENTER. (2018, May 23). Retrieved from https://oig.nasa.gov/docs/IG-18-020.pdf
• Erwin, S. (2018, June 1). On National Security | Big hurdles for small satellites in the military market – SpaceNews.com. Retrieved from https://spacenews.com/on-national-security-big-hurdles-for-small-satellites-in-the-military-market/
• Fidler, D. (2018, April 3). Cybersecurity and the New Era of Space Activities. Retrieved from https://www.cfr.org/report/cybersecurity-and-new-era-space-activities
• Hutchins, R. Retrieved from http://www.cs.tufts.edu/comp/116/archive/fall2016/rhutchins.pdf
• Johnson, L. (2013). Sky Alert!: When Satellites Fail. New York, NY: Springer New York.
• King, C, et.al (n.d.). Space Doctrine. Retrieved from http://www.au.af.mil/au/awc/space/au-18-2009/au-18_chap04.pdf
• Lewis, P., & Livingstone, D. (2016, November 21). The cyber threat in outer space – Bulletin of the Atomic Scientists. Retrieved from https://thebulletin.org/2016/11/the-cyber-threat-in-outer-space/
• Razani, M. (2018). Information, communication, and space technology. Boca Raton, FL: Taylor & Francis Group.
• Space Systems – Aerospace Industries Association. (2017, June 15). Retrieved from https://www.aia-aerospace.org/sector/space-systems/
• Werner, D. (2018, May 23). Air Force focus on resilience means big changes for spacecraft manufacturing and testing – SpaceNews.com. Retrieved from https://spacenews.com/air-force-focus-on-resilience-means-big-changes-for-spacecraft-manufacturing-and-testing/