Satellite Cybersecurity



Threats to Satellite Communications


Satellite communication systems are susceptible to several threat factors, which may be unintentional or intentional. Unintentional threats originate from natural events such as natural disasters, extreme weather and environmental effects on Earth and in space, and in some cases from human installations or services.

Intentional threats differ in the scope and damage they aim to achieve in any element of the satellite communication system. These include causing physical damage to the ground station or to the satellites using anti-satellite weapons, as well as cyberattacks. A satellite cyber attack can target any of the above segments, covering both the physical and cyber world. Such attacks usually have one of three purposes: to exfiltrate data (break confidentiality), tamper with data (break integrity), or disrupt a service (break availability). In the physical world, this might involve jamming and spoofing satellite navigation signals. In the cyber world, it could mean quietly intercepting unprotected data.


Threat actors - who and why?

Dependency on satellite communications is not exclusive to developed states. Satellite communications are in use in most countries, and their disruption may seriously affect critical industries, causing loss of information or infrastructure, or significant economic damage. For this reason, the threat actors that may target satellite communications are:

  • APT groups and states setting out to create military advantages in space, or seeking to steal strategic quantities of intellectual property and having sufficient computing power to crack encryption codes.
  • Well-resourced organized criminal elements seeking financial gain (for example, through ransomware attacks).
  • Terrorist groups wishing to promote their causes, even up to the catastrophic level of satellite collisions with space debris, including a cascade of collisions called the Kessler Effect, denying the use of space for all actors.
  • Individual hackers who simply want to prove and show off their skills.



How Vulnerable Are Satellites To Cyber Attack?


Because satellite operations are led by technologies that are housed on Earth, those Earth-bound entry points offer cyber attackers an enormous number of potential inroads for hacking. The vast number of entry points also compounds the difficulty of tracing and shutting down a cyber attack.

Also, one of the most significant weaknesses that is common to all satellite systems is the use of long-range telemetry for communication with ground stations. The uplinks and downlinks are often transmitted through open telecom network security protocols that are easily accessed by cybercriminals.

IoT devices that utilize satellite communications pose additional potential points of entry for bad actors.

A cyber attack is not a monolithic threat — it can take many forms, have diverse entry and exploitation vectors, and can enable a host of crippling effects when triggered.

Cyber threats are relatively cheap to develop compared to other anti-satellite technologies. Additionally, cyber attacks can have a large attack radius, targeting an entire constellation of satellites.

Another factor that may pose a threat to satellite communications is the recent low-Earth-orbit satellite race. SpaceX is currently the world's largest low-orbit satellite operator, with plans to have 42,000 satellites in space over the next 10 years. However, SpaceX and other rival companies are under pressure to achieve this goal by accelerating the production of their satellites at low cost, which could result in a lack of security in their construction and operation.



Cyber Attack vectors on Satellite communication


  • The most common scenarios for a satellite network’s exploitation are phishing attacks and web page attacks (cross-site scripting, cross-site request forgery, and “drive-by” attacks). These vulnerabilities allow the attacker to redirect the target to another website which downloads a program to the target, commonly known as a trojan horse. 
  • A DDoS attack against the computer network used by the ground station could effectively jam a satellite without having to get involved with radio frequency issues.
  • Most satellites launched in recent years rely on computers that are installed in the satellites themselves and that require regular upgrades through remote access. In addition, the technology is often off-the-shelf and, just as with all electronic devices, a software ‘back door’ and zero-day attack could be present in one of the many thousands of components in a single satellite, allowing cyber attackers hidden access.



Methods Of Interference:

Threat actors may use these methods to interfere with satellite transmission: 

  • Jamming

Jamming disrupts satellite communication in much the same way as a DoS/DDoS attack. It interrupts radio frequency transmissions by replacing them with different ones, so that receivers cannot acquire the data they were expecting, and it is considered the easiest way of hacking.

  • Spoofing 

Spoofing is the ability to capture, alter, and retransmit a communication stream in a way that misleads the recipient. Attacking the communication segment via spoofing involves taking over the space system by appearing as an authorized user. Once established as a trusted user, false commands can be inserted into a satellite’s command receiver, causing the spacecraft to malfunction or fail its mission. Spoofing is one of the most discreet and deniable forms of attacking our space systems. 
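
The spoofing definition above (capture, alter, retransmit) maps directly onto two checks a command receiver can make: is the frame authentic, and is it fresh. The following is an added example, not code from the original page or from any real spacecraft protocol; the frame layout (8-byte counter, command, 16-byte truncated HMAC-SHA256 tag), the key and the command strings are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16  # truncated HMAC-SHA256 tag (assumed length for this example)

def build_frame(key: bytes, counter: int, command: bytes) -> bytes:
    """Ground side: frame = 8-byte big-endian counter || command || tag."""
    body = struct.pack(">Q", counter) + command
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag

class CommandReceiver:
    """Spacecraft side: accept a frame only if it is authentic and fresh."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_counter = 0  # highest counter accepted so far

    def accept(self, frame: bytes):
        """Return the command bytes, or None if the frame is rejected."""
        if len(frame) < 8 + TAG_LEN:
            return None  # too short to hold counter and tag
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None  # altered in transit, or built without the key
        (counter,) = struct.unpack(">Q", body[:8])
        if counter <= self._last_counter:
            return None  # captured and retransmitted (replay)
        self._last_counter = counter  # only advances on accepted frames
        return body[8:]

def demo() -> dict:
    key = bytes(range(32))  # constructed key, for the example only
    rx = CommandReceiver(key)
    genuine = build_frame(key, 1, b"SET_MODE SAFE")  # constructed command
    altered = bytearray(build_frame(key, 2, b"SET_MODE SAFE"))
    altered[10] ^= 0x01  # flip one bit inside the command field
    return {
        "genuine": rx.accept(genuine),
        "replayed": rx.accept(genuine),        # same frame sent again
        "altered": rx.accept(bytes(altered)),
        "forged": rx.accept(build_frame(b"\x00" * 32, 3, b"SET_MODE SAFE")),
        "next": rx.accept(build_frame(key, 2, b"SET_MODE NOMINAL")),
    }
```

Rejected frames do not advance the counter, so a burst of altered or forged frames cannot lock out the next genuine command.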



The Consequence Of A Cyber Attack On Satellite Infrastructure

A cyber attack on a key node in the space sector could have a great potential to affect critical national and international capabilities. Some cyber-attacks have a political background and their aim is to affect essential services in some nations to cause damage, malfunction, or result in chaos in their population, which is considered cyber terrorism. 

The areas that will be impacted:

  • Cyber attacks on defense and military satellite systems may cause a reduction in national security, military or defense capability. Such attacks would increase the uncertainties in intelligence gathering and analysis and introduce uncertainties and delays in attributing actions and attacks to potential perpetrators, increase the risks of misperception, and thus further complicate decision-making in times of crisis. In the event of a conflict, one country’s ability to disable or destroy one or more of another country’s satellites would give it a significant tactical advantage. This may also affect military strategic and tactical missile systems, which rely on satellites and the space infrastructure for navigation and targeting, command and control, operational monitoring, and other functions. 
  • Reduction in the capacity of communications, observation capability or navigation precision. 
  • Denial or changes in orbits that may cause a collision among satellites. Any satellite that can change orbit can be considered a space weapon. If the orbit changes so as to enter the pathway of another satellite then a collision will ensue, destroying one or both of the satellites and creating space debris that will continue to pose severe risks for other satellites far into the future. 
  • Corruption of communications, including precise timing systems, leading to a lack of confidence.
  • Physical control of satellites may prove very attractive to attackers, who would most likely target industrial control systems (ICS), and specifically their vulnerable supervisory control and data acquisition (SCADA) systems. Internet-connected, exposed control systems with exploitable vulnerabilities could allow malevolent actors to take ‘full control of systems running energy, chemical, and transportation systems’.
  • Destruction of a space vehicle, ‘cooking’ or ‘grilling’ its solar cells through deliberate exposure to damaging levels of highly ionizing radiation, or holding it to ransom.
  • Destruction of a complete launcher and payload assembly, possibly during the launch phase, putting the uninvolved general public at risk.
  • Corruption or deletion of data being transmitted from satellites. 
  • Interception of communications including sensitive intellectual property. Rerouting of communications to allow easier interception.