As hackers attack data centers, mobile devices, IoT networks, desktop PCs, and physical infrastructure they will obviously also turn their attention to space, if what they intend to do is to inflict the maximum possible harm – because so many people today depend on satellites. Here we discuss some of the cyber security issues relating to satellite systems, including what technology they share with land-based systems and what sets them apart, not least in order to determine how vulnerable they are to traditional hacking.
The similarities with land-based systems is what would make them susceptible to traditional hacking. One might say that the differences is what makes them safer, since they are not on IP networks, which is where hackers lurk. But satellite communications equipment is designed to translate those signals to IP networks and back, as satellite systems need databases, application servers, etc. to provide their service.
Attacks on Satellites to Date
To date, there has been some, but not a lot of, satellite hacking. The SANS Institute referenced an article by The Telegraph from 1999, reporting that hackers in England were ‘suspected’ of having seized control of a British military satellite, but then casting doubt on the story by stating that they could not confirm The Telegraph’s story. Moreover, The Financial Times reported in an article written by the editor of Space Policy that in 2007 Tamil separatist guerillas broadcast propaganda from an IntelSat satellite seized over Sri Lanka. The author also claimed that hackers took control of a NASA Terra Earth Observation satellite. She concluded that satellite hacking has, to date, not caused much harm, such as for example destroyed a satellite. The article nonetheless argued for the need to beef up satellite security and concluded that jamming the signal is the greatest threat to the satellite itself.
Importance of Satellites
Before we look at satellite technology and security issues, it is important to consider just how important satellites are to today’s economy, governments, and culture, and why they might become more of a target. If a hacker could take out a satellite, the effects could be as widespread as a major internet outage. This would be particularly devastating for some of the many small countries that have recently launched their own satellites, including Bolivia, Peru, and Chile – as they do not have a backup.
A common tactic hackers use is to go after the weakest point. They, for example, target vendors when aiming to attack a larger corporation’s network. Satellites could be considered a weak point because security has not been given sufficient attention in this context. No doubt one reason for this is that there have been so few high visibility attacks on satellites.
Like electricity and water, satellites are today taken for granted by people, and people and machines have become very much dependent on satellites for communications, weather forecasts, military uses, TV broadcasts, and GPS. Currently the biggest risk to satellites stems from collisions with meteorites and space debris, such as happened in a 2009 incident that destroyed a satellite belonging to Iridium Communications. Other risks include interference from the sun, which is also quite common. But hackers could come to see satellites as inviting targets, especially if they learn how to attack them in some way that they can repeat, like targeting them with a laser. Satellites can also be jammed from ground based radios, and that does not take much sophistication. As Ars Technica reports, ‘Jamming and rounding up satellite dishes has become a common practice for governments wishing to limit unfavorable coverage in their own (or sometimes other people’s) countries.’
Satellite Communication Networks and Protocols
Satellite communications include special protocols used between satellites, ground stations and control centers, and the regular ethernet protocol. Satellite communications are digital and analog. Much is serial, including SpaceWire which is used by NASA (USA), ESA (Europe), JAXA (Japan), and CNSA (China) for onboard and satellite-to-ground communications. Those agencies and private companies use other protocols too: One is the ADCCP X.25 protocol, which predates ATM and Frame Relay and even the OSI model. Kratos is a satellite communications company which posits that satellites are increasingly moving towards using IP networks and away from older networking protocols. They built the RT Logic T500GT Network Gateway which sends telemetry and telecommand data from ground based antennae to satellites. It converts serial transmissions to IP packets between satellite modems and the larger computing network. One security issue with their device that can be highlighted is that their gateway supports the authentication method NONE.
Moving from legacy protocols to IP ones, we have SLE, the Space Link Extension standard. It is also designed to transmit data between ground stations and satellites. In addition, it is designed to work between different space agencies. SLE is one of the CCSDS (Consultative Committee for Space Data Systems) standards. So is ADCCP. The ESA publishes the SLE API which converts the SLE space protocol to IP. In order to understand how space communications are similar to ground communications, consider that the API handles Forward Space Packets (FSP), Return All Frames (RAF), and other data items similar to Ethernet. All of this is tied together with communications gateways like SoftFEP. SoftFEP is a communications gateway for the AFSCN (Air Force Satellite Control Network). It uses the 25 year old ADCCP and the EXU protocols. EXU is unique to the 50 year old AFSCN.
Satellite, Data Center, and Relay Station Security
Satellite operators, some of which, like IntelSat, operate as managed service providers, use traditional security monitoring tools as well as those uniquely designed for satellites. RT Logic builds the CyberC4 Alert Real-Time Cyber Situational Awareness for Satellite Ground Networks appliance. It is a SIEM (Security Security Information and Event Management) that monitors events and parse logs just like in a regular SIEM, but it is ‘tailored specifically for the unique needs of satellite networks.’
Kratos also conducts cyber security assessments for satellite providers. They point out that cybersecurity regulations will extend into space, so providers need to write audit plans and move toward compliance, and they suggest looking to NIST when defining what those standards might include. They say, ‘Kratos addresses all the key areas of satellite systems including space and ground segments, Tracking, Telemetry and Command (TT&C) functions, uplink and downlink transmissions and network performance.’ The Kratos/RT Logic CyberC4 Guard AFSCN Satellite Ground Cross-Domain Solution is specifically designed to protect satellites using the US Air Force Satellite Control Network (AFSCN) protocol and ADCCP transport at the point where those cross IP networks. Their device works at network and transport layer of the OSI model. RT Logic argues that the traditional approach of using firewalls and network segmentation is ‘no longer viable, therefore trusted guards are now required.’ The ‘guard’ referred to in this case is their rules-based appliance and proxy server.
The Traditional Data Center
Satellites are controlled by computers in data centers just like any other computing application. So they are subject to the same threats as cloud computing, which includes security breaches and attacks from insiders, or employees accidentally downloading malware as a result of phishing attacks. One crucial aspect of the satellite business is that it is very much international, which both enhances security while also posing unique risks. Every country, even the smallest, is assigned orbital space for satellites, just as they are assigned blocks of IP address. Of course, not all countries have satellites, so they sell or rent their space. This means that risks could already result from the simple fact of having potentially antagonistic political actors ‘under the same roof’.
But there is also a positive aspect to the international nature of satellite operations. It cuts through the often-criticized problem where there is not a coordinated global or even national response when hackers attack traditional targets on the ground. That is because there are not as many international umbrella organizations overseeing, for example, banks or power stations. Each country has its own cyber command. Relay stations are often unmanned, or at least not staffed with many people, which creates its own problems. They are deployed in remote corners of the world so they can provide line-of-site to the satellites. These relay stations are of course subject to physical attacks, if hackers find a way to access them, steal data or otherwise alter equipment.
Moreover, there is nothing proprietary about the software that powers all of this. For example, Amergint sells the SoftFEP device that processes telemetry and command data streams. Their front end device connects control centers to control stations. This special equipment runs ordinary Linux.
One issue with satellites is that many some them are quite old. If some inherent weakness is identified in any of them, it might not be easy to fix. There are 29 GEOSar-2 satellites in operation for example. Those were built by the Orbital Sciences Corporation and have been designed for a 15 year lifespan. Protecting satellites from hackers is different from protecting banks, governments, etc. because the most critical part of their communications is not on the internet or any other IP network. The much more likely target is their network on the ground. Still, there is the need to harden the point where the two networks intersect especially as satellites have become so crucial to everyday life in the modern global economy.