Protecting the frontier of space systems is unquestionably a security priority for governments and industry. Due to our increasing reliance on space, and particularly satellites, for communications, security, intelligence, and business, satellite and space cybersecurity is becoming increasingly important in this new digital era.
In recent years, there has been an increasing number of satellite launches. Currently, thousands of satellites are in low Earth orbit, where they are vulnerable to cyberattacks from both above and below. With the use of satellites to transport data across vast, worldwide distances, many communication networks are currently transitioning from terrestrial (land) based communications to cloud-based communications. Due to the dramatic reduction in launch costs, there are now more satellites in low Earth orbit than ever before. This has increased the number of potential targets for hackers to target, both in space and at control centers located on Earth.
It is anticipated that 25,000 satellites will be launched by 2030, handling more than 500,000 petabytes of data. This underscores the hazards to the economy and data security that come with this increased susceptibility. According to Sam Visner, tech fellow at Aerospace Corporation and the vice chair of the board of directors of the Space Information Sharing and Analysis Center, space systems are essential to almost every critical infrastructure you can think of, including finance, energy, oil and gas, transportation, healthcare, and agriculture.
Countries are depending more and more on space as a mission-critical and developing frontier for information sharing and surveillance. By keeping an eye on adversary threats and geopolitical moves, they also play a crucial role in national security. In fact, at the beginning of the Russian invasion of Ukraine, an alarming event occurred when an attack occurred that caused disruption to the Ukrainian satellite communications provider ViaSat. And this was not the only cyber-attack targeted satellite incident in recent years.
The national security establishment has recognized that cyber-threats are becoming a greater threat to satellites and communications networks. The US Space Systems Command recently announced beta testing for cybersecurity guidelines regarding commercial satellites in response to those concerns. Because the space business is becoming more and more important to the global economy, the FBI, the National Counterintelligence and Security Center (NCSC), and the Air Force Office of Special Investigations (AFOSI) recently released an advisory warning of cyberattacks on the sector.
In December 2023, in an effort to strengthen mission cybersecurity efforts for both public and private sector space activities, NASA has released the first version of its Space Security Best Practices Guide. The Space System Protection Standard, which encapsulates NASA's ongoing commitment to assisting in the development of precise cybersecurity principles for its space systems, is reflected in the guide. In order to promote the objectives of Space Policy Directive 5, Cybersecurity Principles for Space Systems, the agency created the handbook. 7.22 - Space Security: Best Practices Guide - SW Engineering Handbook Ver D - Global Site (nasa.gov)
A Space Systems Critical Infrastructure Working Group was established by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) last year. The group, which unites stakeholders in the space system's critical infrastructure, is made up of representatives from government and business and functions under the auspices of the Critical Infrastructure Partnership Advisory Council (CIPAC).
I was privileged to be a member of that working group, and soon industry-focused recommendations and initiatives on cybersecurity for space systems will be made available. The role of the working group is especially important as networks are changing from terrestrial (land) based communications to the cloud, taking advantage of satellites to move data over large, international distances. CISA Launches a Space Systems Critical Infrastructure Working Group | CISA
Securing space systems is imperative. Satellite security must be comprehensive covering every facet of both terrestrial and orbiting satellites, including end-user routers and ground communications systems. There is a non-kinetic threat to space assets. Adversaries can interfere with or take down satellites and ground-based equipment using a variety of tactics. Through Earth-bound entry points, satellite operations can provide cybercriminals with a multitude of hacking avenues. The utilization of long-range telemetry for communication with ground stations is one of the shortcomings of satellite systems. Cybercriminals can access the open protocols used to send the uplinks and downlinks.
The late Paul Ferrillo, Esq., and I wrote a piece for Homeland Security Today titled "Protecting Space-Based Assets from Cyber Threats." Hstoday Protecting Space-Based Assets from Cyber Threats - HS TodayIn that article we provide a non-exhaustive list of security components below that can be used to protect satellites, space-based assets, and ground-based control flight networks.
Below are some of our suggestions that incorporated a variety of government and non-governmental sources:
1. Every satellite is engineered with security from the ground up, not as an afterthought.
2. Identity and access management, or "IAM" - in order to try and prevent unauthorized access to crucial vehicle operations, anyone gaining access to flight control information and surfaces must be recognized and validated by an IAM system that can pass muster on the user using machine learning identifiers.
3. Perform a multi-check for IoT-related devices. Hard-coded passwords shouldn't be permitted on IoT devices; instead, they should be updateable.
4. A strong intrusion detection system (IDS) should be the foundation of a cyber-resilient spacecraft. Continuous monitoring of telemetry, command sequences, command receiver status, shared bus traffic, flight software configuration, and operating states should all be part of the IDS. It should also be able to predict and adjust to counteract evolving hostile activity. Critical spacecraft systems should be able to be switched back to a recognized cyber-safe mode by the IPS and the ground crew. It should be possible to cross-check logs for unusual activities.
5. Supply chain risk management programs must be implemented by spacecraft developers. They have to make sure that every one of their providers follows the agreed-upon chain of custody while handling hardware and software. Aside from being identified and treated differently from noncritical units and subsystems in terms of requirements and rigor, critical units and subsystems should also be built with security in mind. Configuration management and secure software development techniques (DevSecOps) should be used to appropriately vet and handle all software on the spaceship.
6. For cross-validation, command logging and anomaly detection of command sequences should be carried out independently by the spacecraft and the ground. In order to ensure consistency between commands given and received, directives received can be automatically recorded, transmitted to the ground via telemetry, and validated.
7. Measures like signal strength monitoring and guarded transmitters and receivers should be taken to prevent communications jamming and spoofing; links should be encrypted for extra protection.
The topic of space system security is getting much attention as of late because of its central importance to our digital ecosystem. An excellent overview of the complexities and issues involved can also be found in an article; ‘Cybersecurity in Space: A 2024 Perspective” byAvantika Chopra Cybersecurity In Space: A 2024 Perspective (thecyberexpress.com)
Please also see my article in FORBES, “The Urgency to Cyber-Secure Space Assets” The Urgency To Cyber-Secure Space Assets (forbes.com)
And check out “Cybersecurity of Space-Based Assets and Why this is Important” and Atlantic Council Discussion with Dr. David Bray, Dr. William Jeffrey, Chuck Brooks, and Dr. Divya Chander. Cybersecurity of Space-Based Assets and Why this is Important - Atlantic Council
We are depending more and more on space for both security and trade, making it a developing and crucial cybersecurity frontier. It requires the national security establishment's attention and should undoubtedly be included as a top priority when it comes to DHS CISA's critical infrastructure protection. In order to safeguard space assets that are crucial to all domain operations, NASA , DOD, the USAF, and Space Command are also starting programmatic initiatives. There is a pressing need to proceed in a swift, ambitious, and targeted manner.
Chuck Brooks, President of Brooks Consulting International, is a globally recognized thought leader and subject matter expert Cybersecurity and Emerging Technologies. Chuck is also Adjunct Faculty at Georgetown University’s Graduate Cybersecurity Risk Management Program LinkedIn named Chuck as one of “The Top 5 Tech People to Follow on LinkedIn.” He was named as one of the world’s “10 Best Cyber Security and Technology Experts” by Best Rated, Best of The Word in Security” by CISO Platform, and by IFSEC, and Thinkers 360 as the “#2 Global Cybersecurity Influencer. " He was also named one of the Top 5 Executives to Follow on Cybersecurity by Executive Mosaic and serves as a featured GovCon Expert. Chuck is also a Cybersecurity Expert for “The Network” at the Washington Post, Visiting Editor at Homeland Security Today, and a Contributor to FORBES. He has an MA in International relations from the University of Chicago, a BA in Political Science from DePauw University, and a Certificate in International Law from The Hague Academy of International Law.
Check out the Space Comm Expo 6-7 March at Farnborough International Exhibition and Conference Centre
THE UK'S LARGEST SPACE EXPO SERIES (space-comm.co.uk)
Artificial Intelligence, Quantum Computing, and Space are 3 Tech areas to Watch in 2024
by Chuck Brooks
Artificial Intelligence, Quantum Computing, and Space are 3 Tech areas to Watch in 2024 (forbes.com)
Space
A Developing Frontier of Innovation
Our civilization's ability to communicate is becoming more and more reliant on satellites. Countries depend more on space as a mission-critical and developing frontier for information sharing and surveillance. These days, a lot of networks are switching from terrestrial (land-based) communications to cloud-based communications, utilizing satellites to transfer data across long international distances.
Satellite systems entail cyber risk. By keeping an eye on adversarial threats and geopolitical moves, they also play a crucial role in national security. Cyberattacks could target satellites in an attempt to sabotage communications or information streams that are essential for security and trade. In fact, at the beginning of the Russian invasion of Ukraine, an alarming event occurred when an attack occurred that caused disruption to the Ukrainian satellite communications provider ViaSat.
Due to our increasing reliance on space, and particularly satellites, for communications, security, intelligence, and business, satellite and space security is becoming increasingly important in 2024.
Space Systems Predictions:
Samuel S. Visner, Chair, Space Information Sharing and Analysis Center/Tech Fellow, The Aerospace Corporation
“Even as the market for space systems evolve, our dependence on space systems for national and economic security, and for all our critical infrastructures will increase dramatically, a fact not lost on our adversaries, including Russia, which fired its opening "shots" in its invasion of Ukraine by an attack on commercial space systems. We will need to demonstrate and strengthen our leadership in space system technologies, even in new mission areas ranging from space manufacturing to advanced remote sensing, from global 5G networks with direct device-to-satellite connectivity to space mining and renewed exploration. We'll need, too, to demonstrate our commitment and capacity to protect these systems and determination to deter attacks against them.” (19) Samuel Visner | LinkedIn
David Logsdon, Information Technology Industry Council - Senior Director of Space Policy
“In the coming years, there will be a greater focus on tools that can enhance space innovation and cyber secureness such as zero trust, software bill of materials, and secure by design. Special attention should also be paid to the utilization of AI and emerging technologies that will allow the public and private sectors to scale and address cyber concerns effectively.” (19) David Logsdon | LinkedIn
Rich Cooper, Vice President - Strategic Communications & Outreach Space Foundation
"While the global space ecosystem will continue to grow beyond the more than 90 countries with active space operations today, it is the commercial space industry that will drive the game-changing innovations that expand space access and opportunity and deliver even greater benefits for all of us back on Earth.” (19) Rich Cooper | LinkedIn
Chuck Brooks, Brooks Consulting International, Georgetown University
“In the coming year, the security risk management of satellites and space will emerge as a top priority among both the public and private sectors. The economic sustainability of the free world depends on space-based global communications and sensing. Unfortunately, many of the platforms lack adequate protection, and hence, space cybersecurity will play a significant role in protecting key infrastructure. The emerging frontier of Space will need to be a high security priority for 2024.”
Without a doubt, 2024 will be a very interesting and possibly revolutionary year for science and developing technology. We are only at the beginning of our civilization's journey to discover how new applications of technology can impact our way of life in 2024 and beyond. I hope you'll look into this further.
DHS CISA WORKING GROUP
Brooks Consulting International serving as SME
Space is one of the fastest-growing markets of the global economy. The rapid expansion of the space services market and the competitive advantage gained from being a first mover, increases the potential for lax security. It takes a holistic approach to assess risks associated with the space systems enterprise and understand the impacts to all critical infrastructure and National Critical Functions (NCFs), including terrestrial infrastructure as well as on-orbit vehicles that conduct operations in the space environment.
CISA’s Role
CISA works with public and private sector partners to advance space system security and resilience by identifying and assessing risks and expanding industry and international partnerships to ensure the responsible use of space.
Overview
Projections suggest the space economy will more than triple in size in the next decade with an expected value of $1.4 trillion by 2030. As more satellites and satellite systems occupy the near-Earth space domain and as terrestrial systems increasingly rely on space technology, increasing cyber, kinetic, and energy threats to space systems put national security and economies at risk. On September 4, 2020, the Space Policy Directive-5 Cybersecurity Principles for Space Systems (SPD-5), the Nation’s first comprehensive cybersecurity policy for space systems, was signed:
“Space systems enable key functions such as global communications; positioning, navigation and timing; scientific observation; exploration; weather monitoring; and multiple vital national defense applications. These systems, networks, and channels can be vulnerable to malicious activities that can deny, degrade, or disrupt space operations, or even destroy a satellite. It is essential to protect space systems from cyber incidents in order to prevent disruptions to their ability to provide reliable and efficient contributions to the operations of the Nation's critical infrastructure.”
Although SPD-5 remains in effect, it is unclear how many private sector entities will adopt the concepts put forth in the policy. Research indicates that some of the systems currently in orbit were designed with little or no security. However, cyber threats to space enterprise elements cross the spectrum from cyber criminals to advanced persistent threats from nation-states. Nation-states also threaten space vehicles and systems with advanced energy and kinetic weaponry.
Like any system, the space systems enterprise requires evaluation of risk at all levels of its life cycle. From manufacture to final disposition at end-of-life, commercial and government space activities continue to be regulated by multiple government organizations with the regulatory environment evolving as both the military and commercial space landscape continues to grow. The space system enterprise is striving for public-private information sharing around identified vulnerabilities, threat information, space weather, and space intelligence.
DHS Space Policy
Space-based systems play a critical role in securing the homeland security enterprise as Department of Homeland Security (DHS) components and partners rely heavily on space systems to provide information and communications necessary for mission success. The DHS Space Policy (signed April 14, 2022), guides component efforts internally and across the homeland security enterprise.
DHS will assume a leading role in three primary areas: promotion of cybersecurity of space systems, homeland security mission assurance planning and execution, and contingency planning to respond to and recover from potential impacts to the homeland resulting from a denied or degraded space environment.
- By Chuck Brooks (SME, U.S. Department of Homeland Security)
Original link of post is here
Comments