Space systems face many well-known types of attack, including orbital, kinetic, and electronic warfare, but are also vulnerable to forms of cyber threat. Cyberattacks can occur across multiple segments — space, communications link, and ground — within a space system architecture and are often overlooked in wider discussions of cyber threats to critical infrastructure.
- Satellites are more vulnerable than some people realize per the National Institute of Standards and Technology (NIST), a cyber attack is “an attack, via cyberspace, targeting an enterprise’s use of cyberspace for the purpose of disrupting, disabling, destroying, or maliciously controlling a computing environment/infrastructure; or destroying the integrity of the data or stealing controlled information.”
- With the overall advancement of knowledge around space technologies, “security by obscurity” for space systems no longer exists, and as satellites have become more digitized and software-driven, the attack surface has expanded. There are a variety of methods adversaries can use to disrupt, disable, destroy, or maliciously control satellites or their ground-based systems which command/control the satellites. The methods range from “script kiddie” attacks — individuals on the ground — known as a TIER I threat, to nation-state level attacks, including supply chain intrusions or space-based attacks. A cyber attack is not a monolithic threat — it can take many forms, have diverse entry and exploitation vectors, and can enable a host of crippling effects when triggered.
- As space systems have continued to grow in complexity, they are often perceived as a “black box” of poorly understood but interconnected space-cyber. This is dangerous because cyber threats are relatively cheap to develop compared to other anti-satellite technologies. Additionally, cyber attacks can have a large attack radius, targeting an entire constellation of satellites.
The physical nature of a space vehicle and its operational environment are critical when analyzing the cyber threats and vulnerabilities of a satellite mission. The satellite must be able to communicate, maintain orbit, and deliver power to mission-significant components. Based on space vehicle mission impact, these are the three systems likely to be targeted. If the ability to communicate is subverted, i.e., attacking Telemetry, Tracking & Command (TT&C) systems, then the asset will be unable to support its mission. Similarly, should an adversary target the vehicle’s orbital dynamics by modifying the attitude control algorithm or firing a thruster to destabilize the space vehicle, the effects would be devastating to the mission. With any capability degraded or removed, a mission could be compromised.
-
Subversion of ground system capabilities by utilizing the ground system to maliciously interact with a satellite
-
Communications hacking on TT&C systems via command link injection, replay attacks, or electronic attacks like jamming and spoofing
-
Malicious features embedded during hardware development, including hardware-based trojansDesign vulnerability exploitation, where designed-in features of the system are used for malicious purposes, i.e., direct memory writes to a satellite
-
Software-defined radio compromise
-
Software weaknesses and vulnerabilities exploitation
-
Insider threats
- The tactics to attack a space system vary depending on the entry point or target. A space system is comprised of the ground segment, the link segment, and the space segment. The tactics will differ depending on which segment is attacked.
-
The ground segment is comprised of mostly traditional information technology like Windows and Linux workstations and servers, so traditional Tactics, Techniques, and Procedures (TTPs) will work from the ground system to the level of the modems and antennas. Attacks on modems and antennas resemble an Industrial Control Systems (ICS) attack. Many of the TTPs from MITRE’s Adversarial Tactics, Techniques, and Common Knowledge, or ATT&CK, framework are commonly successful on ground systems. A combination of MITRE ATT&CK for Enterprise and ICS can be leveraged to identify ground system vulnerabilities.
-
Ultimately the tactics used would be geared to the objectives an adversary wants to achieve — it could include denying ground telemetry and mission data processing, denying all communications to the satellite, denying the ground’s ability to perform satellite commanding, degrading confidence in system health tools, compromising mission data, exfiltrating mission data or even executing commands on the satellite.
-
There are fewer tactical options for the link segment as these are more widely understood and well-protected. A long-standing practice for satellite providers is to protect the link segment with Communications Security (COMSEC) used to secure the confidentiality of data at rest or in motion (transmission), and Transmission Security (TRANSEC) used to ensure the availability of transmissions and limit intelligence collection. Without these protections, tactics like jamming, spoofing, command link instruction, radio frequency replay attacks, etc. can be used to impact the satellite. Link layer attacks are more electron warfare than cyber but should be considered when developing a space system strategy.
-
As for the space segment, satellites are traditionally composed of many elements that process, store, and transmit data, each of which could potentially serve as an attack surface. Satellites are a combination of embedded hardware and software operating in the physically isolated environment of space.
-
While the system is in development on the ground, however, it is exposed to many of the same threats traditional embedded systems face. The satellite itself can be compared to an internet of things (IoT) device in space. Adversaries undoubtedly seek means to exploit resident vulnerabilities to gain access to, and act upon space vehicle capabilities.
- Attitude Determination and Control (AD&C)
- Command and Data Handling (C&DH)
- Electrical Power and Distribution Subsystem (EPDS)
- Propulsion Subsystem (PS)
- Structures and Mechanisms Subsystem (SMS)
- Telemetry, Tracking, and Command (TT&C)
- Thermal Control Subsystem (TCS)
-
When targeting a satellite, the flight software would likely be targeted more than most other subsystems given the integration with C&DH and the other subsystems within the satellite’s architecture. Flight software (FSW) based attacks extend through the entire lifecycle of the mission. FSW is re-programmable during the life of the mission; therefore, adversaries have time during development on the ground through post-launch operations to insert or activate malicious logic.
-
Hardware-based attacks would be mostly restricted to pre-launch where physical access is more widely available. Protecting the hardware supply chain or hardware from physical intrusion during development is critical, but protecting the FSW layer, or the re-programmable logic on FPGAs, requires careful attention throughout the space vehicle’s lifecycle. Like any computational system, satellites are vulnerable to cyber intrusions during all phases of engineering, deployment, and operations. When dissecting the applicable cyber threats and vulnerabilities, it is important to identify an attacker’s desired goals to determine where and how an adversary may target a satellite.
Are cyber security measures for space systems markedly different than protections for terrestrial networks?
- Security measures will vary depending on the segment. The controls you apply on the ground and link segment are different than the space segment. However, there are tried and true security principles that transcend the segment. Access control, authentication, authorization, least privilege, etc. are all items that can apply to any segment. Security is sometimes branded using phrases like “zero-trust,” but ultimately security for any sector comes down to guiding principles.
Space Policy Directive-5 (SPD-5), released in September 2020, highlighted the following security measures that must be considered for space systems:
- Physical security of TT&C environment
- TT&C protection using encryption or authentication
- Jamming and spoofing protections
- Supply Chain Risk Management
- Insider Threat
- Follow basic cyber hygiene as well as adherence to National Institute of Standards and Technology (NIST) guidance
With space cyber threats emerging from nation-state actors, government and industry stakeholders identified the need for implementation of additional defenses. Space-centric cybersecurity standards and governance have been slow to materialize, however, and are lagging behind the growth of the cyber threat. Defense-in-depth techniques for space system protection must be adopted across government, industry, and the international community to ensure systems are resilient to cyber compromise. Potential solutions will include increased cooperation across these domains and require a blend of policy, standards, and technical solutions.
The following considerations are imperative and must have appropriate security controls implemented to protect, detect, respond, and recover:
- Protect the ground system from cyber attack
- Protect the ground-to-space command link and any cross-links
- Establish robust strategy for cryptography key management. If key management is poor or keys are stolen, encryption provides little value on protection
- Protect the supply chain and protect the development environment from compromise. Given the complex nature of space vehicle supply chains and the expanding commercialization of space, protecting the supply chain is becoming of utmost importance
- Ensure secure software development procedures are in place to prevent design flaws, insecure logic, and coding defects that could affect the flight software
- Design for cyber resiliency on-board the satellite to ensure proper detection, recovery, and response leveraging automation, machine learning, and other forms of artificial intelligence
There is no single authoritative definition for cyber resiliency, but there’s a strong commonality among cybersecurity organizations and operational contexts. NIST’s definition for cyber resiliency is the ability “to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.” The application of resiliency for a spacecraft could mean adaptation, absorb/withstand, anticipation, and recovery. These terms also align with the traditional cybersecurity framework for identify, protect, detect, recover, and respond. A spacecraft would need to be able to self-heal or adapt while withstanding a cyber attack in addition to anticipate, i.e., detect, attacks it hasn’t seen before. Cyber resiliency on spacecraft may require aspects of machine learning / artificial intelligence to achieve this goal.
A distinction needs to be made between cybersecurity challenges for systems that are currently operational, i.e., on orbit, versus those that are in active design or development. Guidance may differ significantly between these two states due to the constraints and potential solution space afforded to mission owners. Especially for satellites, discussion of challenges is mainly focused on future system deployments. For systems currently in operations, addressing cybersecurity issues is mostly relegated to updates on the ground segment. Software updates can be made in orbit, but these can be risky therefore usually not performed due to potential mission loss.
Thankyou soo much for reading . I hope my this repo helps you a lot . once my research is complete i will upload two more repo first one on How Russian Hackers Hack Ukranian Satellite And in second one We Analysis CYSAT Demo Satellite Hack How CYSAT Hack Satellite Moving In Orbit