Art byHurca!

Securing the final frontier: Why space systems need cybersecurity too

Today’s global economies and governments rely on space-dependent infrastructure – a new frontier for cybersecurity.

Today’s global economies and governments rely on space-dependent infrastructure – a new frontier for cybersecurity.

It seems an age away when we’d have to refer to a printed map to find our ways around a new city or find the best hiking trails. Today, most of us just open Google Maps on our phones to find our exact locations, thanks to GPS satellites orbiting 20,200 km above our heads. Only a few years ago, getting online on an airplane was unheard of. Now we can browse away on a transatlantic flight thanks to communications satellites some 35 thousand kilometers away.

Most of us take space technology for granted everyday of our lives. With satellites supporting global communications – not to mention a raft of everyday economic, government and military functions – it shouldn’t come as a surprise that it’s also a potential target for cybercriminals. As the internet itself extends to the final frontier, potentially as far as human colonies on Mars in the not-so-distant future, it’s time to explore the wider implications of cybersecurity in the space age.

To boldly go where no hacker has gone before

Our overwhelming reliance on space technology puts us in a precarious position. In industries like transport and logistics, location data is routinely recorded in real time from GPS satellites and sent to back offices to allow teams to track drivers and assets. Organizations which have remote outposts or ocean-going ships can’t exactly get online via a mobile or cable network, so they have to use communications satellites instead. On top of that, satellites store sensitive information they collect themselves, which might include images of sensitive military installations or critical infrastructure. All these things are attractive targets to various types of cybercriminal.

Increasingly, data is transmitted via, and stored on, orbiting satellites. The continued proliferation of space exploration will only increase the reach of our connected environment. Given the high value of data stored on satellites and other space systems, they’re potentially attractive targets for cybercriminals. Although residing in the vacuum of deep space makes them less vulnerable to physical attacks, space-based systems are still ultimately controlled from computers on the ground. That means they can be infected just like any other system.

Attackers don’t even need to be expert hackers from space-faring nations. And neither do they need direct, physical access to control systems belonging to organizations like NASA, ESA or Roscosmos. While navigational satellite systems like GPS (US), GLONASS (Russia) and Beidou (China) might not be the easiest targets to hack, there are dozens of other satellite owners of global communications. On top of that, thousands more companies rent bandwidth from satellite owners for selling services like satellite TV, phone and internet. Then there are hundreds of millions of businesses and individuals around the world which use them. In other words, it’s a pretty large potential attack surface which is connected directly to the internet.

According to Will Roper of the US Air Force, we’re still relying on cybersecurity procedures from the ’90s to protect orbital satellites. That’s because space-based systems are typically built in a closed-box environment – or (excuse the pun) in a vacuum. The problem is today almost every system has software in it – the International Space Station runs on Linux, and the Mars Curiosity Rover runs the highly specialized VxWorks on its onboard computers. The problem with any kind of software is that it can have bugs, which cybercriminals could try to exploit. Imagine, for example, the sort of ransoms cybercriminals might get away with demanding if they took over a $400-million satellite. To demonstrate the risk, as well as raise awareness to their bug bounty program, the US Air Force recently challenged hackers to try to hijack an orbiting satellite.

The role of cyberespionage and the militarization of space

Like many technologies we’ve come to rely on, space systems are largely the result of national security objectives and military advancement. The space race itself was a competition between the United States and the Soviet Union. Fortunately, nations came together to ban weapons of mass destruction from space and promote the peaceful use of the final frontier. Unfortunately, the world’s biggest powers aren’t doing a good job of keeping space a peaceful environment for all, and have started putting pressure on each other by testing controversial new capabilities.

Indeed, reconnaissance satellites have been deployed in space ever since the 1950s, and all the world’s superpowers now depend on them for making strategic military decisions. Whether it’s for detecting missile launches or intercepting stray radio waves, these machines routinely handle some of the most sensitive data of all – the sort that could cause a war were it to end up in the wrong hands. Naturally, this heightens the incentives for state-sponsored attackers to hack their rivals in the same way that the commercialization of space makes communications satellites attractive targets to cybercriminals.

State-sponsored attacks targeting space assets could manifest in various ways: GPS signal jamming could render missile guidance systems useless. Gaining access to unencrypted satellite links could allow hackers to hijack satellite communications. Civilian and military operations alike could also be impacted directly if the US were to shut off GPS, which is owned entirely by the US government but used all over the world.

What are the challenges facing digital security in the space age?

The biggest challenge facing space-age cybersecurity is the fact that so few organizations, all of which are enormously dependent on funding from a handful of governments, ultimately have control over space-based assets. Almost all of the world’s launch facilities are owned and operated by the governments of US, Russia, China, Japan and South Korea. Further down the hierarchy, there are dozens more companies which own satellites, and many companies which own data-bearing systems on the Earth’s surface.

This paints a rather poor picture for data democratization – end users’ access to digital information. With the power to grant access to and manage digital assets in space being in the hands of so few, the risk of attack is lower, but such systems are also high-value targets for state-sponsored attackers.

But things are gradually changing with the democratization of space and data. Already, private companies are promising to offer faster and cheaper ways to access space. Some companies are even working on putting cloud data storage there where it’s safer from data breaches that rely on physical interaction. Still, if someone has digital access, that’s all it takes to compromise the system. At the same time, it’s hard to argue that space is being democratized when it’s a frontier exclusive to only the wealthiest individuals, businesses and governments in the world. That will undoubtedly change, but we might have to wait a few centuries before we can casually hop online on a trip between the Earth and the Moon.

Article reflects the opinions of the author. Published in 2019.

Securing space

Find out how Kaspersky is training cosmonauts in cybersecurity

Cosmonaut training

Suggested articles
Author info
Free Future of Work guide

Free Future of Work guide

Sign up for monthly Secure Futures emails and get The Future of Work: A Guide for Business Leaders for free.