The Real Threat of Space Systems Cyber Theft

News
Written By Amanda Lampert

Unlike almost any other post compromise target, non-terrestrial assets are potentially unrecoverable and yet still functional. While a disabled or destroyed satellite is unusable, theft by an adversary likely leads to reuse, reconfiguration, and/or repurposing to a new mission.

Resilience becomes a very complex conversation with things like satellites in this context. Traditional cyber attack surfaces are appropriately moving towards abilities to sustain and survive the inevitable compromise while continuing to function. This is a much more nuanced situation with space systems in that maintaining operations or surviving a compromise is not a straightforward assessment when a satellite or constellation has been stolen.

Software defined aspects of the satellites can be updated and changed. An adversary could command a satellite to change the way it communicates and the encryption it uses so that control of the compromised satellite is moved to malicious ground stations.

Loss of control vs loss of ownership

Cyber in space presents unique opportunities for loss of control and loss of ownership of assets in a potential conflict. When control is lost, an asset like a satellite can be used against the original owner. When ownership is lost, there is potential for the adversary to create their own similar assets based on the level of understanding gained.

An issue of cost benefit

Defense and cybersecurity of satellites, like any system, is largely based on the value or importance of that asset to the organizations that build and operate them. This is a cost benefit scenario that considers the loss of something like a satellite in terms of it being disabled or destroyed and no longer available as a capability. Loss of control due to cyber compromise gives new perspective to cost benefit evaluation since assets are not just unavailable to the original owner but are now part of calculating the adversary capability.

An Issue of purpose

Loss of control of a satellite alters strategic perspective but loss of ownership flips it completely. Not only is an asset lost for one side in a conflict and taken by another, but that asset may be utilized in new and unknown ways, making cost-benefit evaluation of defensive and cybersecurity implementations extremely complex. Technology like software defined radios, phased array antennae, and reconfigurable software-defined payload controllers mean post-compromise satellites may have entirely new functionality. 

Strengthening Space Systems Against Cyber Theft

Operators can reduce risk significantly through a few focused steps:

Resilience While Appropriate

Survive when vulnerable, when possible

Zero-Trust Where Able

Fail safe and fail closed where acceptable 

Red & Purple Teaming

Understand how the adversary sees and values your space asset(s)

Conclusion

Resilience for space systems is complicated. Theft means surviving a compromise is not always an option. Zero-Trust in satellites is only realistic to the point that it does not create more architectural risk through implementation than it mitigates. The adversarial perspective of red teaming allows satellite owners and operators to understand not just how their system may be compromised, but how it could be repurposed post-compromise.

Amanda Lampert
Next

Protecting Future of Space System Architectures: Acknowledging, Understanding, and Addressing cyber attack surface