space
Space jam: why the military is prioritising cybersecurity for space
As military and civilian capabilities increasing rely on space-based assets, Berenice Healey asks space and cybersecurity experts about the potential effects of a cyberattack against them and how to offer protection.
For 100 years there were three military domains – land, sea and air – each led by, but not exclusive to, its respective military branch. In recent decades all three have come to rely on cyber and space capabilities and have recognised them as domains in their own right through the establishment of specialist military commands.
Cyber and space have a unique interdependence, as evinced by cyber being at the heart of the mission of the US Space Force and the upcoming UK Space Command. Defence and Security Equipment International (DSEI), the defence industry event held every two years in London, launched a Space Hub in 2019 to recognise its increasing cross-domain importance. It aims to grow its space presence in 2021 under the auspices of its newly appointed space advisor Dr Michael Holden.
“Space-based assets are critical to the modern military's capability and form part of the critical national infrastructure of a modern economy,” Holden explains. “Being able to protect and defend the assets is critical to both military and to the day-to-day running of the modern economy.”
An estimated £1bn of UK economic activity every day is supported by space-based assets. Given this number, the potential impact to the economy of losing space assets becomes clear – and cyber threats are just one risk.
Holden explains: “To put these cyber threats in in context, the US defence space strategy listed the threats that they see to space-based systems on a continuum from denial and deception, electronic warfare, directed energy weapons, cyberspace threats, orbital threats, kinetic energy threats, ground site attacks and nuclear detonation in space.”
The US space strategy also categorises threats on a scale of fully reversible to irreversible and, depending on its nature, a cyberattack could sit anywhere between the two extremes.
Protecting space-based assets from cyber threats
Holden identifies three factors that are essential to protecting space-based assets from cyberattack.
First, governments are adopting a risk and systems-based approach, identifying all the risks to a system rather addressing cyber threats separately and simply putting a firewall around a system.
“This also needs to look at the personnel, the doctrine, the processes, the policy, the legislation, and the physical security as well as the technical considerations,” he says. “The design of the protection needs to consider all these issues and pull together a coherent design and plan in terms of that risk-based approach.”
The risks and threats to the system are constantly evolving as is the impact of risks occurring.
Second, there needs to be assessment of the risks and threats to any system, including identifying them and assessing the severity of impact if they occur.
“Crucially, fallback plans need to be thought of at this stage, so if something does happen then you know what you would do in that situation in terms of reacting to it and recovering from it. It is about risk management and not risk avoidance these days.”
Finally, it is important to recognise it is not a one-off event to secure the system.
“The risks and threats to the system are constantly evolving as is the impact of risks occurring, as is the severity, based on what you're trying to do with the things,” Holden says. “The risks issues and the fallback need to come together in a coherent plan and that needs a resource and cost-risk, cost-benefit trade-off to come up with an overarching scheme.”
Where could attacks originate?
CybelAngel vice-president of cyber operations and former FBI executive Todd Carroll explains that while physical attacks are likely being developed, cyber presents the most likely risk.
“Why make it complicated to disable a, let's say, communication satellite or a GPS synchronous military device when cyber is the easiest way?” he asks. “If you can deny the communications or throw it out of orbit, you can manipulate it to make it look like an accident or collided with something else. It’s getting crowded up there.”
Carroll says that while the military used to rely on an “air gap” to ensure a secure environment, the number of parties and systems involved in creating and operating space systems introduces vulnerabilities.
As long as humans have their index finger clicking on stuff, we're going to have phishing attacks, because humans can't help themselves.
“Take US Space Command; they are not doing this on their own. I can only guess and how many hundreds and probably thousands of different vendors touch and support their systems,” he says.
“Something small is going to be a vulnerability that someone's going to find, whether it's an adversary or criminal group. They're going to see a device that is not configured properly or has a vulnerability because it's not been patched properly, and it hasn't been secured and it's just going to be another gateway to entry.
“As long as humans have their index finger clicking on stuff, we're going to have phishing attacks, because humans can't help themselves.”
Why target military space capabilities?
Cyber Security Associates founder and technical director James Griffiths says that a key aim of cyberattacks against military space systems is to disrupt communications, command and control and satellite imagery for intelligence gathering.
“In some scenarios, this could have life-and-death consequences,” says Griffiths. “If they are to take over control of the satellite, they could use the satellite itself as a weapon to target other space assets or even crash the satellite into the atmosphere, which will either burn up on re-entry or, potentially if larger, cause damage to an area on the ground.”
KnowBe4 security awareness advocate Javvad Malik adds: “At a nation level, space-based cyber espionage is a real threat, with many spy satellites having been in orbit since the Cold War. On a more individual level, GPS is heavily reliant on satellites, which, if compromised, could have a massive impact on systems which rely on GPS, not to mention the millions of people which rely on it to navigate on a day-to-day basis.”
SentinelOne chief security advisor Morgan Wright also emphasises the importance of GPS, saying: “The military heavily relies on accurate GPS data for data-to-day operations and offensive/defensive missions. The targeting of the actual satellites is one issue. Jamming them is another. Cyberwarfare will rapidly expand into space and cyberspace.”
Mounting a defence
Trusted Computing Group marketing workgroup chair Thorsten Stremlau says that security must be designed into satellite systems, so a level of trust is established between earthbound devices and satellites.
“Trusted computing technology ensures the trustworthiness of devices, device identity and security validity, such as through the use of cryptographic keys,” he says. “Practical security solutions are automated and rely on cryptography as well as a component within a device called a root of trust. A root of trust is secured for a defined range of applications and undergo in-depth security validation. Once deployed, they remain trusted throughout device lifetime.
“Network satellite architecture enables communications to be authenticated at every stage of data transmission before it reaches the satellite, with encryption protecting data even as it moves across the satellite ecosystem. In an age when military usage is ever-increasing, trusted computing technology is essential in protecting top-secret data.”
Assets used to discover space, if unlawfully accessed, could be misused or abused to attack vulnerable targets on earth.
OneLogin global data protection officer Niamh Muldoon explains that, like any other information asset, space-based assets need people-related, process-related and technological controls.
“The success of their protection is based on defining and implementing a cybersecurity programme that incorporates and balances controls across its people, processes and technologies,” she says.
“These controls should be defined from a risk assessment of the threat landscape from both space and earth perspectives. While the threat landscape for the space domain is unknown, the assets used to discover space, if unlawfully accessed, could be misused or abused to attack vulnerable targets on earth.”
Hardened attack surfaces
Synopsys director for government and critical infrastructure programmes Joe Jarzombek says the US Space Force and UK Space Command need a strong focus on prevention.
“In an era of asymmetric cyberattacks, space force capabilities must have systems with hardened attack surfaces,” he says. “In space operations, seconds matter, so cyber assets must be highly reliable and have near-continuous availability.
“Relying primarily on microelectronics and software, space assets must be hardened, not just against the effects of radiation and electronic jamming, but primarily against the risk exposures attributable to exploitable software and flaws in component design that represent source vectors for attack.”
He adds that DevSecOps (development, security and operations) practices must focus on prevention by mitigating exploitable weaknesses in software before deployment and before threat actors discover the weaknesses in ground control and on-orbit assets.
Fragile networks
The focus should not be on the satellites alone but the networks they form, argues RedSeal CTO Dr Mike Lloyd, and protecting them requires humans and computers working together.
“Satellites themselves are often used in a mesh – consider GPS as one example, where each satellite alone is not enough, and it takes the power of multiple satellites working together to solve the problem,” he says. “Pilots rely on an even more precise system called WAAS, which adds a second network to the existing GPS network to increase accuracy.
“All networks share key properties: they are fragile, hard for humans to think about, and prone to lateral movement where an attacker breaches one node then spreads. Defending networks involves understanding networks, and we already struggle with this in terrestrial cyber warfare. It only gets harder as the networks extend off the planet’s surface.
“As the network increases in scale, it gets further and further beyond human comprehension – too many interacting parts, any one of which could be breached by an attacker and used as a foothold for further spread.
“The only way to defend a more-than-global network is to combine human strategy with machine reasoning. It’s impossible for humans to understand and map out every possible attack pathway – that requires inexhaustible attention to detail, which is something computers are good at. Computers, however, do not understand the human motivations, psychological factors or economics – humans are far better at the strategic meaning of the game.”
// Main image: British soldiers train in Kenya. Credit: MOD