A new report from California Polytechnic State University (Cal Poly) has shone a light on the increasingly urgent threat that novel cyberattack methods in space are posing to commercial, military and government satellite networks.
Authored by Cal Poly’s Ethics + Emerging Sciences Group, the paper – “Outer Space Cyberattacks: Generating Novel Scenarios to Avoid Surprise” asserts that cyberattacks are the most likely avenue for bad actors to leverage when looking to degrade and disrupt space assets, and that industry leaders must explore new cybersecurity approaches to combat novel attack methods that could emerge in the near-future.
“Even for satellites and other spacecraft that have cyber defenses built in, we all know by now that cybersecurity is an unending game of Whack-a-Mole,” the report states. “In this ongoing evolution between hunter and prey, cyber defenders can never relax. Both complacency and a failure of imagination can open the door for cyberattacks that cause massive economic losses and worse.”
Understanding that the nature of the threat to space systems is poised to become more pervasive throughout its evolution, how exactly are the cybersecurity and space industries approaching the security of space assets, both on the ground and in orbit? How do they plan to mitigate the possible risks and ramifications of novel cyberattack scenarios?
Space ISAC and Hera’s Revenge
The Space Information Sharing and Analysis Center (ISAC) is one of the organizations leading the way in strengthening the industry’s ability to plan for and react to new cyber threats that are emerging in the space domain. According to the organization’s website, Space ISAC is, “…the only all-threats security information source for the public and private space sector.”
One way the organization is tackling new and emerging cyber threats is through wargaming Tabletop Exercises (TTX), which are meant to simulate a cyber operations environment that is undergoing a cyberattack. Space ISAC holds these exercises yearly, and so far in 2024 it has hosted TTXs across the globe in France, Australia and the U.S. Throughout the exercises, stakeholders experience an attack in real-time while being forced to pivot their mitigation tactics based on different events that are injected into the scenario.
“TTXs bolster collective defense of the commercial space industry by testing processes and procedures for information sharing,” explained Joel Francis, Space ISAC’s Watch Center Lead and Intelligence Coordinator. “This includes how commercial companies mitigate and report cyber incidents and how Space ISAC can assist in these processes.”
This past April, Space ISAC carried out Hera’s Revenge, a TTX simulating a cyberattack where teams of ground station as a service (GSaaS) operators mitigated a compromise to their ground station entry points (GEP). During the exercise, participants – whose roles spanned from cyber engineers to system administrators – received an initial notification from the Space ISAC Watch Center warning them of service outages. According to Francis, exercise participants were tasked with investigating the outage and resolving the impacts to their ground station assets.
“The Hera’s Revenge exercise was focused on the ground segment, which is widely considered the most vulnerable attack vector for space systems,” said Francis. “Lessons learned included valuable insights on the role of trust in information sharing environments, as well as specific procedures on how to share information with government entities and trusted communities like the Space ISAC. Throughout the exercise, there were multiple opportunities for member organizations to operationalize the act of sharing information with Space ISAC during incidents.”
Looking ahead, Space ISAC plans to continue to hold its TTXs, with the next one scheduled for later this year. “Our next TTX for 2024 will be at the CyberSat Summit in November,” he said. “The scenario is future oriented and is geared towards crisis mitigation in cislunar space.”
While organizations like Space ISAC and the TTXs they execute provide mitigation templates on how to respond to emerging threats, what steps is industry taking to bolster the hardware and software on space systems for enhanced security to prevent disruption by the evolving tactics of bad actors?
Zero Trust Architectures and Standardization
According to Dr. Patrick Lin, PhD of Cal Poly – and author of the Cal Poly report – cybersecurity around ground segments is in a stronger position than its space segment counterparts. “The ground segment—which includes mission control, R&D labs and other facilities—is secured like a typical organization would be, which means tight security around access and credentials, following best practices such as the principle of least privilege,” he said. “But there are also space segments…that would be alien to a typical cybersecurity practitioner, yet those are also critical to secure.”
To answer the call for space segment cybersecurity, industry leaders are exploring how to deploy end-to-end Zero Trust Architecture (ZTA) across all space vehicles. “ZTA basically encrypts every aspect of the infrastructure, implementing mutual transport layer security (TLS) everywhere you can,” explained Ted Vera, Director of Cybersecurity Technologies at Kratos, “ZTA also aims to utilize microservices that authorize access to every piece of data, resource and service.”
Though industry has been releasing and implementing software platforms in efforts to meet this ZTA goal on the ground segment, more work needs to be done to extend ZTA to space and facilitate cybersecurity interoperability between the two segments. One emerging piece of hardware that industry is examining that could potentially facilitate ground to space cybersecurity interoperability are Trusted Platform Module (TPM) chips.
Space Systems Modular Open Systems Approach (MOSA) Interface Standards Alliance is an organization that is researching how TPM chips could be leveraged to extend ZTA and interoperability to space vehicles. According to the group’s mission statement, “The Space Systems MOSA Interface Standards Alliance consists of committees and subcommittees developing interoperability standards that meet enterprise-defined objectives…and bring newer technologies to our warfighters faster.”
MOSA and its committee on TPM for space are evaluating whether TPM chips are suitable for space applications. As of now, there are no hardened TPM chips available for hardened space. But if there were, the possibilities for cybersecurity on space vehicles could be wide-ranging and include ZTA, Root of Trust (RoT), secure boot and data-at-rest encryption on a space asset’s storage unit.
“If you implement the TPM on the space vehicle, you also need to have hooks in your ground systems to be able to make use of the TPM features and functionality from the ground,” said Vera. “The MOSA Alliance is helping to shape those standards so that ZTA interoperability can be achieved across different space vehicle manufacturers.”
According to Francis, Space ISAC is also working on how to better bolster security in space through cybersecurity standardization. “Space ISAC is involved in developing and integrating cybersecurity standards for space systems,” he said. “We engage with standards bodies to help contribute to the growing conversation around how to increase the security and resilience of commercial space systems. We also have a commercial testing environment, our Cyber Vulnerability Lab that serves to provide an environment for industry members to test hardware and software implementations for space.”
While tabletop gaming with simulated cyberattack scenarios, the integration of interoperable ZTA and the development of cybersecurity standards are all essential steps towards securing satellite assets, Dr. Lin explains that the satellite industry still needs innovative, experienced cyber warriors with the creativity and knowledge to anticipate and respond to emerging cyber threats in space.
“What can be very helpful is raising awareness about the unique challenges in space cybersecurity in order to attract more researchers to the multi-dimensional, complex problem, especially outside of classified work,” explained Dr Lin. “Our recent space-cyberattacks report was drafted with an eye toward that goal.”
Explore More:
Threat Briefing 22: Jamming Attacks Affecting Space Systems and Implications for Global Security
Podcast: Interview with Col. Michael Christensen, Director of Test and Evaluation, USSF
Threat Briefing 20: Aerospace Industry Targeted by Multiple Cyber Espionage Campaigns
Threat Briefing 18: Living off the Land Techniques Pose a Persistent Cyber Threat to Space, Critical Infrastructure