Why we need increased cybersecurity for space-based services
- Space services used to be separate from Earth’s networks, but this pattern has changed in recent years, with the two becoming increasingly interdependent.
- Space-based services support essential services such as the military, utilities, aviation, and emergency communications, and are therefore involved in geopolitical conflicts on Earth.
- That is why there is a need to increase cybersecurity around space-based services, as well as regulatory frameworks and the collaboration of all stakeholders.
While space activities have multiple benefits for the Earth by supporting the United Nations SDGs, providing weather forecasts, and innovating to stop climate change, they are also exposed to potential vulnerabilities and security risks that need to be managed.
Space communications technology will change the lives of millions of people by enabling connectivity in places that today are not accessible by terrestrial broadband connectivity. Space exploration is projected to generate $ 1.2 trillion in retail revenue by 2020-2030. The potential of space-based services has driven an influx of private actors into what was previously seen as a predominantly government-dominated environment.
Traditionally, space and terrestrial systems were largely isolated from each other, each serving a different set of users and requirements. This model has changed in recent years, as systems become more complex with greater interconnections between Earth-Space networks. Future generations of smartphones, for example, may have satellite messaging capabilities for emergency communication where there is no terrestrial connectivity.
Digital transformation has also led to the establishment of interfaces between systems and, most importantly, through traditional trust limits (partners, customers, etc.). In addition, the adoption of large constellations of satellites is driving the number and complexity of ground control and service support infrastructures, thus increasing the potential attack surface.
Space-based services are strategic and therefore not immune to geopolitical conflicts
Just as space services are critical to modern life, they also support essential services such as the military, utilities, aviation, and emergency communications. This makes them especially attractive, especially in times of geopolitical unrest, for cyberattacks, the impact of which is unpredictable.
In 2022, we saw that cyberattacks on satellites serving one country could disrupt the critical national infrastructure of another. In February 2022, just as the Russian invasion of Ukraine began, a large number of satellite modems in Ukraine and other parts of Europe were cyberattacked and shut down, forcing the global operator Viasat to make a hard reset after which it could continue to deliver. vital communication, even with Ukrainian refugees in neighboring Slovakia. In March 2022, SpaceX sent thousands of Starlink satellite Internet terminals to Ukraine to provide Ukrainian citizens with access to communication.
Historically, most satellites can be considered bent tubes in space (that is, the uplink signal is received, amplified, translated at a downlink frequency, amplified from new and is directed towards the earth by means of a high-gain antenna). They received data from the Earth, such as television signals, amplified it, and reflected it back to Earth. They are now becoming more complex with the advent of software-defined satellites. Satellites are built to be strong and robust and can operate in isolation from each other. They are connected to private networks that are not in themselves accessible from the Internet. The arrival of software-defined satellites means that satellites can be reconfigured into space, allowing space-based services to adjust in response to changing demand and respond dynamically to threats as they go. that arise.
With the influx of new market participants, many more satellites are being put into orbit, especially with large constellations of 100 or even many 1,000 satellites. Ignoring the ongoing discussions on space sustainability, the large number of satellites in these networks means that if a satellite is compromised, a new path can be organized, but at the same time, it potentially opens the door to take advantage. the satellite network due to its widely deployed terrestrial infrastructure and commercialized spacecraft design.
Increased interdependence between satellites and technology on Earth
Satellites are playing a critical role in communications on Earth and are already an integral, albeit invisible, part of communications networks and systems with dependencies on position and time information, such as GPS. In the future, consumer services will move through terrestrial and space systems as technical standards for the integration of NTNs with terrestrial networks are implemented. As an example, cell phone signals can switch seamlessly from terrestrial tower signals to satellites without citizens noticing the transition. These technological changes will increase the interdependencies between satellites and technologies on Earth.
In the future, we can be sure that the resilience of critical services on Earth will become increasingly intertwined with the resilience of satellites in space. However, satellite operators have experience in cybersecurity. They have long had experience in hardware and network security and have experience in sectors with strict security requirements such as government, military, oil and gas, shipping and finance. In addition, satellite operators are increasingly using cybersecurity tools and products to provide enhanced security to key customers and to differentiate and create a competitive advantage. Some satellite operators are working on new data encryption methods, such as QKD, which are ideal for the space environment.
Space-based services may be subject to more cyberattacks
However, the conflict in Ukraine has shown that space has been and will continue to be very relevant in times of geopolitical conflict. As these trends are likely to continue, we will see new threat actors, targeting space systems to affect the critical services enabled by satellites. In this context, how do we ensure that the growing interest in space services does not expose society to more cyber vulnerabilities? What can be done to ensure that the development of new space technologies and services is safer?
Discussions between the Global Future Councils of the World Economic Forum on Cybersecurity and Space, held in April 2022, suggest that governments, along with those that operate, use and benefit from space-dependent technologies, should to identify critical space-enabled services and should prioritize ensuring their end-to-end cyber-resilience.
For better management of cyber threats, stakeholders need to work together
Added to this is the complexity of dealing with third parties. As satellite-based service infrastructures become more complex and evolve into complete end-to-end services, they involve more stakeholders operating different parts of the infrastructure. The hardware and software supply chain depends on multiple components, making it difficult to identify responsibility and accountability for the ultimate security and resilience of the services provided. Where do the roles and responsibilities of hardware manufacturers, software developers, satellite manufacturers, operators, and commercial users begin and end?
Another aspect is the regulatory frameworks that have not been able to keep pace with the evolution of technology. This is a problem for cyber resilience in all sectors, not just space. Proper regulatory frameworks are part of the solution, but they need time to develop, especially if they need to be harmonized internationally, and action needs to be taken now.
In the longer term, clear lines of communication should be created to support the exchange of information before, during and after cyber incidents to complement the work of the space ISAC (Center for Analysis and Exchange of Information). spatial information) and to improve the cyber resilience of space. Services based on satellite networks. This will require collaboration between governments, satellite makers, operators, software developers and service users. Everyone has a role to play, including the exchange of lessons and experiences from each domain. As terrestrial and space systems become increasingly integrated and distinctions blur, a collaborative and informed exchange is needed between what have traditionally been seen as separate areas of cyber threat management.