Satellites play a huge role in our daily lives, supporting everything from global communications to navigation, business, and national security. As space becomes more crowded and commercial satellite use grows, these systems are facing new cyber threats. The challenge is even greater because many satellites still in service were designed decades ago, at a time when cybersecurity wasn’t a focus, which leaves them with limited defenses.
In this Help Net Security interview, Brett Loubert, leader of Deloitte’s U.S. Space practice, walks us through the most pressing risks, the vulnerable points across satellite systems, and the practices that can make space operations more secure.
What are the most common or credible cyber threats currently facing satellite computer systems? Can you walk us through a scenario or real-world case that illustrates these risks?
Recently, there has been a growing reliance on commercial satellite communications. Public events have demonstrated that cyberattacks targeting these commercial satellite systems can significantly disrupt critical capabilities. Such attacks have impacted communications for military, civilian, and commercial users.
Additionally, there are satellites in orbit that are over 20 years old. This is undoubtedly a testament to the engineering of these platforms, as these legacy satellites are still fulfilling critical missions. However, they were designed before cybersecurity capabilities were pervasive and were not engineered with extra compute, memory, and storage capacity required to support cyber tools. Many of them also contain software and hardware vulnerabilities that are difficult, sometimes impossible, to patch.
The design of the satellites themselves can also pose risks. At their core, satellites are computers running operating systems and applications very similar to those on terrestrial computers. Often, the size, weight, and power considerations for these satellites create limitations on their hardware and software, and as a result, they have no cybersecurity capabilities at all. This can leave many critical satellites vulnerable to cyber threats.
Cyber threats familiar to traditional terrestrial systems are also applicable to space systems. For example, phishing attacks can be used by bad actors to gain a foothold and move laterally into the satellite, where malware can then be deployed to disrupt or deny operations and capabilities.
Where are the most vulnerable points in the satellite ecosystem, from ground stations to uplinks to onboard systems?
Space systems are comprised of five distinct yet interrelated segments, each of which can present a point of vulnerability if not properly secured. These segments are:
1. Ground Segment: The terrestrial computer systems and networks used to operate space-based systems.
2. Space Segment: The on-orbit computer systems and networks that provide services in, from, and through space.
3. Link Segment: The connection between the ground and space segments, used to communicate, control, and receive data from on-orbit assets.
4. User Segment: Devices on the ground that receive services from space, such as communication devices, GPS receivers, and more.
5. Launch Segment: The rockets and supporting infrastructure necessary to place additional capabilities into orbit.
All five segments consist of both traditional and non-traditional IT and cyber-physical systems, often utilizing legacy hardware and software. For a space mission to be truly cyber secure, all five segments must be protected. This is because the segments themselves are interconnected, and a bad actor who gains access to any one segment could potentially move laterally throughout the system.
Satellites are purpose-built for specific mission outcomes, but they are not necessarily designed with cyber resilience in mind and often lack the excess capacity needed to support even the most basic cyber protections. As many in-space capabilities are now delivered through large constellations of small satellites, this compounds potential risks, and the size of the power can be even further limited.
While the other segments are more accessible and can be modernized and secured more easily, the space segment is generally not easily accessible. Flight heritage is a critical consideration and modifying proven technology to incorporate cyber protections requires balancing mission risk against cyber risk and impact. All the above makes the space segment uniquely vulnerable to threats.
What are the best practices for designing a secure satellite architecture? Could you share an example of a defense-in-depth model applied in this context?
There are several practices to keep in mind for developing a secure satellite architecture.
First, establish situational awareness across the five segments of space by monitoring activity. You cannot protect what you cannot see, and there is limited real-time visibility into the cyber domain, which is critical to space operations.
Second, be threat-driven when mitigating cyber risks. Vulnerability does not necessarily equal mission risk. It is important to prioritize mitigating those vulnerabilities that impact the particular mission of that small satellite.
Third, make every space professional a cyber safety officer. Unlike any other domain, there are no operations in space without the cyber domain. Emotionally connecting the safety of the cyber domain to space mission outcomes is imperative.
When designing a secure satellite architecture, it is critical to design with the probability of cybersecurity compromises front of mind. It is not realistic to design a completely “non-hackable” architecture. However, it is realistic to design an architecture that balances protection and resilience, designing protections that make the cost of compromise high for the adversary, and resilience that makes the cost of compromise low for the mission. Security should be built in at the lowest abstraction layer of the satellite, including containerization, segmentation, redundancy and compartmentalization.
Given the vast number of potential vulnerabilities, a threat-driven approach is essential when deciding which attack vectors to defend against. By prioritizing threats that are both likely and have the highest potential impact, resources can be focused where they matter most.
This balance between protection and resilience is key: protection aims to increase the cost of compromise for adversaries, while resilience means that the mission can continue with minimal disruption if a breach occurs. Advancements in virtualization, containerization, advanced encryption, zero trust principles, and other technologies are helping to strengthen both aspects.
To further enhance security, defense-in-depth methods should be employed. These include real-time monitoring, encryption of data at rest and in transit, containerized and segmented payloads and flight computer software, authentication and validation processes, satellite bus segmentation, and redundant paths.
Are you seeing adoption of zero trust principles in satellite operations and, if so, how is that being implemented practically?
More organizations are considering a zero trust approach to satellite operations, which is critical to creating a more cyber-resilient space enterprise. Part of the effectiveness of a zero trust approach is cultural. For that approach to work, there needs to be a whole team adoption and understanding of the goals and how it affects cyber resilience, and I would encourage organizations implementing zero trust to start with space programs and operators.
How significant is the software supply chain risk in satellite systems, especially for firmware and mission software?
As the space industry continues to grow, organizations are becoming increasingly dependent on space-based systems. Any risk to the supply chain has the potential for disruptions to critical functions of our government, military, businesses, and daily lives. Just as it’s important to protect each segment of a space system, supporting the resilience of the software supply chain is equally vital.
The software supply chain connects these segments, and any vulnerability can have widespread impact. Satellite systems often reduce risk by reusing firmware, operating systems, code, and protocols with proven flight heritage. However, if the software supply chain is compromised, the same vulnerable code could be present across multiple satellites or even an entire constellation. This makes understanding and securing the software supply chain critical for overall system protection.