Cybersecurity in Orbit: The Growing Vulnerability of Space-based Systems

• 30 May 2023
• TM Team
• 0 Comments

The world is increasingly reliant on infrastructure in space. That’s leading to a growing realization that it needs to be protected from cyberattacks, which could do enormous damage by disrupting critical infrastructure. Satellites support the logistics systems that help bring food to market, the automatic teller machines that dispense cash from a bank, airlines that bring passengers to vacation destinations and so much more.

As complex systems that include ground-based terminals, orbiting vehicles, data in transmission and integration systems, it’s infrastructure that has a large threat surface susceptible to eavesdropping, data theft and in some scenarios, loss of service.

India actively participates in international forums and cooperates with other nations in matters of orbital cybersecurity. This collaboration includes information sharing, joint research projects, and the adoption of best practices to address common cybersecurity challenges in the space domain.

“It’s a very delicate issue,” said Antonio Pedro Timoszczuk, IEEE Senior Member. “Once the on-board technology of spacecraft or satellites became digital, it became vulnerable and a point of concern.”

The concept is more than just theoretical, though intrusions on space-based assets are largely the work of highly advanced actors. Already there have been a handful of incidents targeting communications satellites.

The growing number of cybersecurity experts focused on space infrastructure highlight a few ways that hackers could exploit space-based assets.

Service interruption and denial: Several methods exist to disrupt services from space-based infrastructure. Global positioning systems, for example, can be jammed with electromagnetic interference. They can also be spoofed, as happened in 2020 when a Berlin man walked down a street with 99 smartphones in a red wagon to simulate a traffic jam. Mapping services, which use real-time data pulled from smartphones to help people find faster routes, interpreted the 99 smartphones as 99 vehicles. Satellite systems connected to the internet may also be targets of distributed denial of service (DDoS) attacks, which flood targeted systems with traffic to take them down and are among the oldest forms of cyberattack.

Eavesdropping: A significant amount of satellite communications is vulnerable to eavesdropping because it is not encrypted. At a 2022 conference, researchers from Switzerland and England described how they were able to capture unencrypted satellite information from global aviation systems using a $400 off-the-shelf part that is usually used by people that want to watch broadcast television on their computers.

Intrusion: In a few instances, security researchers have been able to gain access to satellite networks. A Belgian security researcher, for example, was able to physically modify a ground-based receiver available to consumers to gain root level access to a satellite communications network. The incident raised questions about whether it would be possible for threat actors to gain control of a satellite.

Illicit use: In a few other instances, communications satellites have been used by unauthorized users. Brazilian authorities in 2009 arrested several people who used a 1970s era U.S. Navy communications satellite to talk over vast distances. IEEE Senior Member Euclides Chuma noted that the satellite was designed at a time when few envisioned technological advances that would make illicit use possible.

“When we deal with cybersecurity,” Chuma said, “the commercialization of space implies increasing the number of devices present in the space and each additional device represents an additional vulnerability or threat to the other devices connected to it.”