Satellites and space stations represent some of the most complex, advanced technology of our generation. At the same time, however, they also have the potential for significant vulnerabilities, particularly as we begin to rely more and more on them to support our connected, digital world. Much like the exhaust vent on a particular moon-shaped space station, these vulnerabilities may prove catastrophic if they are consistently ignored.
Of course, space-bound cybersecurity represents a uniquely-challenging landscape, not in the least because of the logistics of being in space. As such, analyzing current security practices and existing techniques can only go so far. We need to apply them and replace many of the space sector’s outdated cybersecurity policies.
As noted by Infosecurity Magazine, the International Space Station is an excellent example of this in practice. However, it also represents something of an outlier. Not every satellite and space station has the benefit of up-to-date infrastructure or dedicated IT personnel.
On the contrary, because of the astronomical cost of getting materials into orbit, many satellites have infrastructure that was built decades ago, in an era where cybersecurity was much less of a concern. To make matters worse, security publication Fifth Domain Magazine notes that there are still countless outdated and obsolete satellites in orbit. Thousands, perhaps.
And that’s a problem.
All around the world, every moment of every day, each of us sends data to and from satellites. We’ve grown accustomed to this ease of access, accustomed to a global telecommunications network that’s only existed for the barest fraction of human history. It’s no exaggeration to say that satellite technology represents, in many ways, one of the most critical infrastructures in the world.
Nor is it an exaggeration to say that the loss of compromise of space-based assets is a serious threat.
Before long, it’s not going to just be satellites in orbit, either. We are on the edge of publicly-available space travel. Even though to many of us it feels like only last week that Yuri Gagarin became the first human to reach orbit, the stars today are nearly within our reach.
And many of us may see above the clouds within our lifetime.
Commercialized space travel represents an entirely new set of logistical issues. How do we regulate IT infrastructure and ensure safety? How do we enforce security regulations devised on earth outside the boundaries of the planet?
And perhaps more troubling, what happens if a commercial spaceflight is compromised by a cyberattack? Imagine, if you would, the absolute worst-case scenario. A criminal manages to spoof the downlink signal for an orbiting spacecraft.
For a vehicle on earth, this would be an inconvenience, at best, an annoying, faulty GPS. But what happens when a space-bound vehicle cannot accurately calculate its trajectory or determine its position? What happens when a pilot effectively needs to fly blind.
Granted, this is highly unlikely to happen. Software-defined ground vehicles are already subject to incredibly strict security frameworks and incredibly stringent code reviews. Spacecraft will likely be triply so.
Still, it’s all too easy to forget that space assets may have many of the same vulnerabilities as earth-based systems. They can still be targeted by a distributed denial of service attacks, payload control, and malware. And even if this space-based infrastructure is beyond the reach of a criminal, they can still target what’s on the ground — the control center.
For now, space is still relatively unknown territory from a cybersecurity standpoint. In the very near future, we will likely need to make serious adjustments to our regulatory frameworks in order to account for the cosmos. And that starts with acknowledging that the risks are there in the first place.
About the Author
Tim Mullahy is the Executive Vice President and Managing Director at Liberty Center One, a new breed of data center located in Royal Oak, MI. Tim has a demonstrated history of working in the information technology and services industry.
