Modern society has become reliant on satellite technology to function normally. With the rise of cyberattacks and data breaches, it’s now more vital than ever for companies to keep their satellites secure. Here, we’ll take a look at the security risks satellites face and how technological advances are keeping them safer from hackers.
Cybersecurity risks
Satellites are complex, expensive pieces of equipment. Launching a typical satellite costs up to $400 million. Unfortunately these exorbitant costs mean that sometimes, shortcuts and money-saving measures are taken. This could result in less-than-stellar security features, especially for older satellites.
For instance, a constellation of satellites from a company with ties to the Pentagon, Iridium, was found to have no security at all for some of its transmissions, and guides were even available on the internet explaining how to access this data easily. Although cases like this one are outliers, satellites face other common forms of risk, such as:
- Lack of regulatory bodies. Unlike for many other industries in the United States and globally, no official governmental regulatory bodies mandate security guidelines for satellites. Although organizations such as the International Telecommunications Union spell out which frequencies can be used by satellites, security measures are largely left to the satellite company’s discretion. This lack of standardized cybersecurity allows for weak points.
- Complicated supply chains. Satellites demand lots of specialized components. These various systems are unlikely to be designed and built by a single manufacturer. Such collaboration introduces many access points for potential security issues. Every sensor or printed circuit board could have a known security flaw for hackers to exploit, raising the potential to compromise the entire system.
- Off-the-shelf software. Most expensive satellite systems use custom software, but there is a growing trend toward CubeSats. These small satellites are much cheaper to build and launch. The lower barrier to entry often indicates a budget too small for custom software. They likely use generic, off-the-shelf software and common operating systems like Unix or Linux — perhaps even open-source programs — with known security vulnerabilities.
With these risks in mind, we will now consider why it’s so important to ensure satellite communications are secure from hackers.
The importance of satellite cybersecurity
A focus on security for current and future satellites is instrumental to preventing malicious cyberattacks. While serious consequences have been avoided, there are recent incidents of bad actors hacking satellites. These fall into certain categories. For example:
- IP satellite communication incidents. IP attacks such as those used by the Russian hacker group Turla are a way to hide nefarious online activity. Hackers use ground receivers to intercept IP information from satellites providing internet capabilities. The hackers are then able to connect to these stolen IPs and obfuscate their malicious activities. This type of attack is difficult to pinpoint since legitimate users can’t tell their information is being used unless the hacker attempts to use it at the same time the user is connected.
- GPS satellite incidents. GPS manipulation is another tactic favored by hackers. There are two common types: In GPS jamming, noise is transmitted in GPS frequencies to satellites, causing GPS locators to malfunction. Jamming isn’t necessarily malicious, and is used throughout the world for national defense purposes. The other type is called spoofing, and it’s a malevolent attack. Spoofing introduces a low-powered signal to GPS satellites, which is then slowly increased until it overpowers the legitimate signal. It can be used to manipulate the GPS coordinates of a variety of targets. A well-publicized example is the Russian spoofing of U.S. naval vessels in 2017.
- Ground-based satellite incidents. Ground-based satellite control terminals are hacked typically to take over or gain access to critical satellite functions. In the past, Chinese agents have hacked NASA satellites in order to disrupt imagery. More recently, the Chinese were also found responsible for infecting terrestrial control computers to intercept satellite information, both military and civilian, for the purpose of espionage.
As you can see, security should be a major concern for satellite operators. Let’s delve into techniques used currently to keep satellites secure and what can be done in the future.
Keeping satellites secure
Organizations can take a variety of measures to keep their satellite technology secure. Here are a few common ways:
- Stricter access control. Companies should ensure those who have access to sensitive satellite technology have secure logins. This could take the form of access keys, which randomly change at regular intervals. Send out phishing tests as well to spot potential vulnerabilities. You can then educate employees about safe best practices.
- Dedicated security teams. Rather than relying on off-the-shelf software or a single security engineer, firms using satellite technology should invest in security teams. These engineers can develop specific solutions and tools tailored to the businesses’ needs. A dedicated team also fosters a culture of security by showing employees that security is a serious concern that is addressed on a daily basis. This prevents general malaise about this important topic.
- Internal guidelines. Although standardized governmental regulations don’t exist, organizations can set their own guidelines regarding satellite cybersecurity. Theoretically, the lack of overarching oversight could be beneficial, as individual companies can assess their particular circumstances when crafting these policies.
- Redundant systems. Redundancy is a common term in terrestrial cybersecurity, but it hasn’t been used to its fullest capabilities in satellite security. It means having backup systems in place if the main systems are breached. In the past, redundant hardware systems in satellites would have driven up the cost, but with the miniaturization of computer components over the past two decades, it’s not a viable option.
Satellite cybersecurity is an important consideration now and will continue to grow in importance in the future.
X2nSat has been a leader in the satellite telecom industry for over 22 years. It offers a wide variety of services across industries including health care, utilities, enterprise, maritime and more. X2nSat is serious about satellite cybersecurity and employs cutting-edge techniques to keep its solutions secure. If you’d like more information, contact the company’s experts for a free consultation.