Why Cybersecurity in the Space Sector is Crucial

space satellite above earth
Reliance on Space Assets

 

As the number of satellite systems orbiting in space continues to grow, so does society’s dependence on these assets for the functioning of critical systems. Specifically, satellites are integral for functioning security systems: weather satellites, cellular communications, GPS navigation systems, and intelligence gathering, to name a few. Today, almost 5,500 active satellite systems are orbiting the earth, with the prediction of an additional 58,000 to be launched by 2030. 

 

Damage done to these critical satellite systems would prove to have significant consequences. The destruction of just one satellite could leave large regions of the earth without any essential systems, making space assets an attractive target for cyber threat actors. In a bold, yet true statement,  The Defense Department’s Space Development Agency stated in 2021 that cyber-attacks, not missiles, are the single greatest threat to satellites. 

 

World Conflict Via Space

 

Amid ongoing attacks from Russian towards Ukraine this week, a Russian official made threats targeted toward Western satellites specifically. Ukraine’s military relies on Elon Musk’s SpaceX for broadband internet, empowering the Russian official to threaten to “strike” Western satellites if it continued to aid Ukraine. 

 

According to The Hill, cyber-attacks on the space sector have been going on for years. They cited that in 2018 Chinese hackers infected U.S. computers that control satellites. In 2019 Iranian hacker groups tried to trick satellite companies into installing malware, and one reported that Russia had been continually hacking the global navigation satellite system and sending incorrect navigation data to thousands of ships to throw them off course. 

 

Emerging Threats

 

Alarmingly, there are several ways satellite systems can be attacked. They could compromise ground control systems directly connected to orbiting satellites or inject malware into the communications between satellites and computers connected to them, or they can disrupt, snoop, or manipulate communications. 

 

Most recently, an attack on Ethernet’s newest and fastest subset of networks called Time-Triggered Ethernet (TTE), which has been implemented in aerospace and power industries, suffered a new form of attack called PCspooF. According to IEEE Spectrum, TTE has been implemented in flight-critical aircraft systems, NASA spacecraft, and wind turbines.

 

Andrew Loveless, one of the researchers who discovered the threat, described PCspooF as an attack on TTE networks that allows a single Ethernet device to tear down the vital synchronization of a TEE network while simultaneously preventing the TTE device from being able to communicate, resulting in complete failure of the system. A TEE network system failure could be catastrophic for technologies using the network.  

 

 

Conclusion

 

In a significant first step, the U.S. is working towards naming the space sector as the 19th critical industry with the proposal of the Space Infrastructure Act. Like other vital industries, space’s critical assets also need to be protected, and with the number of satellites being launched into orbit continually increasing and the possibility of commercial space travel becoming a possibility within our lifetime, the need for increased cybersecurity in the sector will only become more critical. We, as humans, rely so heavily on satellites for not only the aspects of our daily lives, but for the functioning of other essential industries. Making the space industry a critical sector is the first step towards a society that prioritizes cybersecurity in space. 

 

 

You May Also Like…

What is SOAR?

What is SOAR?

Already stretched thin, security teams often need help with the overwhelming volume of alerts and incidents they must manage daily. This level of data can lead to slower response times, missed...

read more

Request a Demo

AgileBlue is a software company with an innovative SOC-as-a-Service for 24X7 network monitoring, cloud security, data privacy and compliance.

Our modern SOC-as-a-Service is built on innovative machine learning and autonomous execution. If you would like to discuss our SOC-as-a-Service, Partner Program or schedule a brief demo please give us a little info and we will contact you immediately.