August 29, 2023

Space, the Cyber Frontier

By: Caleb Larson

A milestone in space exploration was just achieved by India. On August 23rd, their Chandrayaan-23 spacecraft landed on the moon’s south pole, making them the first nation to land a craft near this area of the moon and putting them alongside the three other nations that have managed the feat to any degree. Space travel is still in its infancy, meaning there is ample groundwork to be laid to ensure its growth is successful. A major component in this endeavor will be ensuring proper cybersecurity is in place for space systems involved in both commercial industry and national defense. If the United States wishes to become the leader in space and retain the position for long, it must prioritize the secure development of its program, defend the private sector, and remain vigilant for space based cyberattacks.

The U.S. Air Force hosted its 2023 Hack-A-Sat competition during the DEFCON hacking convention to see what teams of hackers could do when given access to one of its satellites. This year was quite different from previous iterations because an actual orbiting satellite was used instead of a simulated one. The goal for participants was to find a way to override the satellite’s controls on what it can photograph and download a picture of a specified target.

The more important goal for the Air Force was to identify potential vulnerabilities in their systems through a procedure known as a penetration test wherein the techniques and tools of malicious hackers are simulated by employees, or in this case, cyber research teams. The use of an actual satellite in this competition is important because the closer you can get your penetration test to match the real-world environment, the closer you can get to discovering the actual vulnerabilities that adversaries could abuse.

These competitions also raise awareness of the importance of securing space systems. A decade ago, there were around a thousand satellites orbiting Earth. Estimates are that in a decade this number will balloon to tens and possibly hundreds of thousands of satellites. Starlink alone plans to have 42,000 satellites deployed in the coming decade. It is much harder to secure a system after it has been deployed, and the challenge only rises the more complex the system is. Baking cybersecurity into the development process is a priority for businesses looking to reduce their attack surface as it enables them to catch issues before going live and remediate them at a time where it is much easier. The federal government must take cybersecurity into account very early in the development and manufacturing phases of their space software and hardware. It must also encourage private sector companies to do the same and if necessary, require it through a sound regulatory framework that does not inhibit growth.

Cooperation between government and business is key when it comes to cybersecurity. In space, this relationship will be no different. On August 18th an advisory went out from the National Counterintelligence and Security Center (NCSC) and the Air Force Office of Special Investigations (AFOSI). In it they warn that space focused private companies are being targeted by foreign intelligence services due to the “importance of the commercial space industry to the US economy and national security.”

The trouble for these companies comes from the integration into their host nations’ critical infrastructure that their systems have. Companies like satellite internet provider Viasat illustrate this as it was attacked at the outset of the Russian invasion of Ukraine. SpaceX similarly found itself in the crosshairs as Russian cyberattacks on the Starlink system increased after the invasion. The federal government must put out guidance for these companies to follow and make sure that assistance is available for any entities looking to harden their systems. Relationships between the two must be created and maintained as well so that companies can be alerted to potential intrusion attempts and receive valuable intelligence.

Space is already a vital domain for the United States’ economy and national security, and it is going to increase in importance in the coming years as more nations develop capabilities in space. Cybersecurity will be one of the most important ingredients in ensuring the United States maintains dominance in this arena. Our federal government must make sure that they maintain the cybersecurity of their own space program and provide their private sector partners with the resources and support they need to defend themselves from well-equipped and highly motivated foreign adversaries. The line between private and public gets blurred when defending critical infrastructure and our enemies are looking to capitalize on the confusion. In this new cyber frontier, the costs are too great to get this rollout wrong.