SoS Musings - Space Weapons: Cyberattacks
By grigby1
Given the critical role that space systems play in today's world, space cyberattacks are an increasingly urgent issue. Space technology is the foundation of our global communication, navigation, and more. Satellites orbiting Earth play a crucial part in various aspects of our daily lives and global infrastructure, thus making them essential assets. They are human-built objects placed into orbit that enhance our lives in different ways, from sending television signals directly to our homes, to powering navigation systems such as the Navstar Global Positioning System (GPS), to monitoring weather. Nevertheless, as our reliance on satellites increases, so does their appeal to threat actors who want to undermine their effectiveness through cyber methods. The proliferation of the digital domain into outer space has created novel opportunities for cyber threats, presenting unparalleled difficulties. There have already been incidents that highlight the vulnerability of satellites. For example, in the 2022 KA-SAT network attack, the network owned by the global communications company Viasat, was hit with a sophisticated cyberattack that caused a partial interruption of KA-SAT’s consumer-oriented satellite broadband service. Several thousand customers in Ukraine and tens of thousands of other fixed broadband customers throughout Europe were affected by the cyberattack. In order to protect space assets from attacks that pose a threat to global stability and security, it is essential to explore and implement robust cybersecurity measures.
Studies have highlighted the possible impact of space cyberattacks on safety. Security researcher Ruben Santamarta raised concern of hacking space-based satellite systems to launch "microwave-like" attacks. His research warned of the cyber-physical vulnerability of popular satellite communication systems used by commercial ships and planes, as well as the military, to connect to the Internet. He discovered that the satellite communications are vulnerable to hackers, who, in the worst-case scenario, could launch cyber-physical attacks, weaponizing satellite antennas to operate like "microwave ovens." The potential attacks could also leak information and hack Internet-connected devices. The attack involves connecting to the satellite antenna from the ground, via the Internet, and then exploiting security vulnerabilities in the software operating the antenna to take control. Through this attack, adversaries could disrupt, intercept, or modify communications passing through the antenna, thus enabling eavesdropping on emails sent using an in-flight Wi-Fi system. A threat actor could also execute additional hacking attacks on devices connected to the satellite network. In regards to the military, the attack also exposes the location of the satellite antenna as they usually need an attached GPS device to function. Pinpointing the location of a military base poses a safety risk. Both military and maritime users could also face cyber-physical attacks involving repositioning the antenna and setting its output as high as possible, to carry out a High Intensity Radio Frequency (HIRF) attack, essentially turning satellite communications devices into radio frequency weapons. Even if the antenna cannot be used to physically harm soldiers, passengers, or crew, this attack can cause physical damage to electrical systems.
Improving security requires an increase in efforts in the realms of research, technology, and guidance. In a paper titled "Space Odyssey: An Experimental Software Security Analysis of Satellites," Johannes Willbold, a doctoral student at the chair for systems security at the Ruhr University Bochum in Germany, and five colleagues explored satellite security and analyzed the attack surface. They developed a taxonomy of threats to satellite firmware, which can be used to create satellite-specific threat models and challenge outdated assumptions. The study of three satellites revealed various types of software vulnerabilities and insufficient protections. Patrick Lin and his colleagues at California Polytechnic State University's Ethics + Emerging Sciences Group recently released a US National Science Foundation (NSF)-funded report on June 17, 2024, to highlight the threat posed by space cyberattacks and help predict novel scenarios. As space is remote and challenging to access, a cyberattack would likely be needed to target a space system. Space systems are attractive targets because it is not easy to upgrade their hardware once launched, and this insecurity increases over time. In regard to space cybersecurity, it is important to go beyond satellite hacking and signals jamming or spoofing. As the report points out, failing to imagine many different possible attacks can be disastrous for security planning, especially against hackers, who are diverse entities with various motivations and targets. These variables are important because they reveal which defense strategies work best. State-sponsored hackers may need to use a different approach than criminal hackers. The team’s report offers the ICARUS matrix, a taxonomy that captures these variables and can generate over 4 million scenario prompts. ICARUS stands for "imagining cyberattacks to anticipate risks unique to space."
Threats to space-based infrastructure continues to grow, thus calling for more research and development of security strategies and technology.
To see previous articles, please visit the Science of Security Musings Archive.