Much of modern life is powered by satellites. Communications, navigation, defense, timing, weather, environmental and other critical systems depend on data transmitted through a rapidly growing volume of satellite networks.
This integral component of our critical infrastructure has always faced some level of security risk, such as from tracking and monitoring, signal jamming and other orbital threats. However, traditionally there had not been any significant events with a wide-scale impact. That changed on February 24, 2022, with Russia’s successful cyber-attack on a major satellite broadband service on the first day of its invasion of Ukraine. Tens of thousands of modems were disabled and connectivity was disrupted in multiple European locations.
Cybersecurity industry experts have long called for prioritizing satellite communication (SATCOM) security, pointing out vulnerabilities such as those Russia was able to exploit. An analysis published in mid-2023 by German researchers reported the discovery of software vulnerabilities in three satellite systems they studied, including a defect in a code library that they believe is used by multiple other satellite systems. These and other issues likely result from trade-offs made in the interest of functionality and access. The report pointed out that space systems are built by aerospace engineers, not software engineers for whom cybersecurity is second nature.
Low Earth Orbit (LEO) satellites in mega constellations are expanding in number and have a significantly larger footprint and greater complexity than those in traditional geostationary orbit (GEO); they face escalating cyber threats on much larger attack surfaces. In the race to build out space-based mesh networks for early provider advantage, security may be overlooked. Thousands of LEO satellites have already been launched and many more are coming. It will take only one successful breach to potentially disrupt an entire global constellation and impact large numbers of users and critical applications.
Protecting space-based networks
Retrofitting security into legacy satellite infrastructure already in orbit is challenging: vulnerabilities may be hardwired in, or systems were not designed to be updated without disrupting their functionality or active customer services. But new LEO systems have the opportunity to implement security from the ground up, adopting it as intrinsic to every component, including ground stations, user antennas, modems, satellites, operating and business software systems, and customer portal and API interfaces. Following these five best practices will help:
1. Adhering to rigorous standards. The United States National Institute of Standards and Technology (NIST) provides a 6-phase cybersecurity framework that offers satellite providers a clear guideline to understand, manage and reduce their cybersecurity risk, thereby strengthening protection of their networks and data. The phases—Identify, Protect, Detect, Respond, Recover and Govern (pending)—support a full lifecycle structure while allowing flexibility for satellite companies to apply specific methods and processes that best fit their requirements. Compliance with the NIST 800‑171 standard will prove that providers adhere to fourteen specific objectives to ensure cyber resiliency. Compliance with NIST 800-53 will go a step further to ensure providers meet strict US government requirements of the Federal Information Security Management Act (FISMA).
The U.S. Space Force is also launching the Infrastructure Asset Pre-Approval Program (IA-Pre), which mandates compliance with many of the NIST 800-53 controls, to grade the suitability of commercial satellite communication systems to carry sensitive government data. Adhering to this rigorous standard will have the side benefit of increasing security and resiliency for commercial customers as well.
2. Requiring and enforcing supply chain discipline and accountability. The thousands of parts and software components in the satellite supply chain, which are made both domestically and abroad, are vulnerable to threats that could be embedded anywhere along the chain. Cyber attackers are highly adept at finding ways to inject malicious capabilities, even through the least obvious or unsuspecting suppliers. Satellite providers should ensure that any specifications they issue for parts, software, or services that could affect either their own data or data entrusted to them by others (i.e., enterprise data transiting their networks) mandate strict cybersecurity controls. Once vendors are in place, providers must require regular auditable proof that those controls are implemented and followed by all members of their supply chain.
3. Implementing encryption for telemetry, tracking and command (TT&C). TT&C establishes the critical link between a satellite and the ground segment of the network. It is essential to keep this interface secure, and separate from the satellite operator’s corporate network, particularly since ground-based attacks against TT&C are quite difficult to launch and so will likely come from sophisticated nation-state adversaries. Hosting satellite control systems on air-gapped networks, using cryptographic equipment that meets the high bar set by the Committee on National Security Systems Policy (CNSSP), and applying standards like AES-256/FIPS 197 will ensure the integrity and confidentiality of the TT&C traffic and the resiliency of the satellite control systems.
4. Securing ground connectivity. Disseminating satellite data to terrestrial users is satcom’s ultimate purpose, but satellite providers’ ground-based network infrastructure is subject to the same multitude of threats as any other terrestrial, internet-connected network. A host of security technologies that address network cyber threats are available for operators to select and apply in their security stack, along with, of primary importance, physical access controls to prevent unauthorized access to and tampering with ground-based equipment.
5. Bolstering cyber hygiene. Perhaps the most important vulnerability to address is the human factor – whether someone who may be tricked into helping a bad actor gain network access (e.g., through phishing or social engineering), a malicious insider, or even overworked technical staff who slip up on patching, system misconfiguration, or other common errors. It’s well known that human error is the leading factor in cyber breaches, with a recent study claiming it’s as high as 88% of incidents. Satellite providers must continually emphasize the criticality of good cyber hygiene practices among their entire staff, offer regular education and refreshers and build a security-centric culture and mindset. Segregation of duties, privileged access management, logging and auditing, and other techniques can greatly mitigate the human risk.
The right stuff, right now
There is no doubt the LEO race is on. LEO is the path to the future. The proliferation of near-Earth satellites will power enterprises to tackle new addressable markets, driving their growth and innovation. Here at the beginning of a new satellite era, satellite providers have the opportunity – and the obligation – to make cybersecurity integral to everything they do. Our secure satellite future depends on it.
Charles Vaillancourt is Chief Information Officer at Telesat, a Canadian satellite communications company.