Nearly 5,000 satellites are currently in orbit around the Earth. The U.S. relies on many of them for everything from communications and emergency warnings to GPS coordinates and defense information.
Damage inflicted in the satellite sector could have a ripple effect, leading to heavy financial losses and/or comprised data in other areas. Satellites are part of the extended cyber ecosystem for most organizations, but organizations rarely have direct control over satellite cybersecurity.
Earlier this year, a report from the Pentagon warned of Kamikaze satellites, Russian and Chinese “inspection and servicing” satellites that could also be used to conduct attacks on the most important U.S. satellites in orbit.
The report also says thatRussia is “likely” developing a ground-based, mobile missile system capable of destroying space targets in low-Earth orbit in addition to ballistic missiles – a weapon system likely to be operational within the next several years.
Because of threats like these, cybersecurity personnel are examining other possible scenarios where crucial satellite data could be destroyed, diverted or corrupted. There’s a commonly held belief that satellites which increasingly rely on software are the most vulnerable to cyberattacks.
That’s not good because satellite operators are increasingly interested in software-defined satellites that can be reprogrammed in orbit, allowing them to take on different missions and serve different customers. But while such satellites can be more responsive to shifts in customer demand, they also need more security features to keep nefarious actors from exploiting their new capabilities.
Because satellite operations are led by technologies that are housed on earth, those earth-bound entry points offer cyber attackers with an enormous number of potential inroads for hacking. The vast number of entry points also compounds the difficulty of tracing and shutting down a cyberattack.
One of the most significant weaknesses that is common to all satellite systems is the use of long-range telemetry for communication with ground stations. The uplinks and downlinks are often transmitted through open telecom network security protocols that are easily accessed by cyber criminals.
Many cybersecurity experts believe the focus needs to be on “resiliency” rather than having an impenetrable network. In other words, it’s more important to limit cyber intrusions and respond quickly than to try and have a flawless record.
Want to learn more? Tonex offers Cybersecurity and Satellite Systems Training, a 4-day course that provides an understanding of unique vulnerabilities in SATCOM systems that are commonly exploited.