An increasing number of satellites are being launched in parallel with society’s increasing reliance on satellite-dependent technologies. This article provides insights and examples on cyber threats to satellites and actionable recommendations for managing this type of risk.
The number of satellites being launched is increasing, while hostile cyber threats are a growing concern. We have seen satellite signal jamming and spoofing by Russia and reportedly by Iran for political interests, while alleged Chinese-attributed satellite interference was flagged in 2011.
Depending on how you define ‘major cyber attack’, the satellite sector has not experienced one yet. That said, any sector that has not had a major cyber attack to date will have a bigger target on its back.
Dynamic Threat Landscape for Satellites
The level of risk to satellites changes over time. It can be challenging to identify because it includes adversary motivations, resources, and capabilities.
Depending upon their capability to gain access, criminals, nation states, or insiders could be motivated to target space-based assets. For example, a nation state may be motivated during a time of conflict to manipulate or destroy data whereas a criminal may seek to exfiltrate sensitive information or engineering designs for financial gain.
Add the wildcard that a satellite network could be attacked simply because the bad guys identify it as a target of opportunity (e.g., out-of-date patches, legacy IT or OT system vulnerabilities), and the risk only increases.
Unique Challenges for Protecting Satellite Networks
Similar to other connected systems, threats to satellites can come from remote and onsite vectors. Satellite network vulnerabilities could come from the supply chain, insiders, physical and cyber security of ground stations, cloud-centric networks, and more. This includes inconsistent software patching, weak encryption, and old IT equipment.
Although satellite types and their proprietary software vary, the sector’s standardization of how satellites operate across multi-generational platforms and protect sensitive information helps adversaries gain a better understanding of how to target them.
Further, the barriers to entry for acquiring insights and technology to target satellites are lower than ever before. Commercially available software-defined radios, antennas, and hacking tools make it easier to target space-based assets and the earth-based stations that control them.
Six Actionable Recommendations for How the Satellite Industry can Protect Itself
You cannot prevent targeting of your systems or attempted attacks. You can seek to prevent, detect, and respond to incidents.
Here are six recommendations for defending against cyber threats to satellites and space-based assets:
- Assume that you are being targeted and prepare as such. Ensure that your Business Continuity Plan (BCP) with a Disaster Recovery (DR) component is in place, tested, and updated regularly. It will be critical that IT and OT teams in the satellite sector work from the same business continuity or disaster recovery playbook when an incident does occur to contain the event efficiently and minimize negative impacts.
- Ensure a patch management policy is in place. For example, a patch management policy could have prevented the Equifax breach if the company had employed one. Basic security procedures still play a critical role in cyber defense.
- Evaluate your security posture with a focus on data protection. Identify any vulnerabilities and develop a cyber roadmap to enhance your defenses. Taking a data protection-focused approach can strengthen your organization’s ability to safeguard your most sensitive information from corruption, compromise, or loss. Similarly, it helps you work towards local, federal, and international legal compliance. Check out "The Growing Risk of a Major Satellite Attack" for more information from me and other cyber experts on cyber threats and vulnerabilities related to satellites.
- Leverage resources across IT (Information Technology) and OT (Operational Technology) systems. With the impending merger of IT and OT systems, the blending of skillsets used for both can make managing corporate security culture more challenging. Focus on technologies and a security culture that foster IT and OT collaboration. For example, when merging an IT and OT team, use a ticketing and communication system to help grow a team environment and solve security issues faster.
- Increase understanding and awareness of inventory and supply chain security. Everything is connected to OT networks. For example, some operators are dependent on suppliers for business operations, exposing operators to risks beyond their control. One risk management solution for this is to employ a rogue network device detection capability.
- Engage with resources and peer collaboration groups. Joining forums like the Space-ISAC and attending events with like-minded executive IT and security leaders and practitioners such as CyberSatGov and CyberSatCom can help you identify potential threats and mitigations faster.
Remember, the amount of resources and security budget that an organization has does not necessarily equate to a silver security bullet for defending against cyber threats to satellites. Whether you are a small or large satellite company, now is the time to determine your risk tolerance and find creative ways and partners to manage it.
Contact GPSG at cyberteam@gpsg.co for a free consultation on developing and aligning your cybersecurity strategy to best protect satellite networks and space-based assets.
Disclaimer: This blog provides ever-changing content, conversations, and insights on cyber threats and trending solutions that is accurate to the best of our knowledge. Although we are cybersecurity experts, we provide information which we hope is helpful, and do not endorse any specific products, tools, or solutions referenced herein. Consult with your cybersecurity team before taking any action.
