Earth satellites have evolved in recent years from monstrous, little-noticed celestial objects to lifelines of networked society. The most well-known services processed through them include navigation services such as GPS or the EU counterpart Galileo. In addition to spy satellites from the military and secret services, civilian systems such as Copernicus are responsible for earth observation, which show extreme weather events and their consequences. Communications satellites transmit media and, increasingly, broadband internet, with Elon Musk’s Starlink making a name for itself at first.
Advertisement
“Everyone depends on space,” says Steve Colenzo of the Air Force Research Laboratory in upstate New York. The dependencies on satellite services are constantly increasing with the “democratization” of space by new commercial “New Space” players. At the same time, new business models are developing with a shared payload and a combined launch as “Satellite-as-a-Service”.
Technical systems in space are among the critical infrastructures
In the EU, technical systems in space and the services offered through them belong to the critical infrastructures (Kritis). With the “NIS2” guideline “for a high common level of cyber security”, stricter regulations in the area of network and information security (NIS) have applied to them since the beginning of 2023. Recorded providers with more than 250 employees and annual sales of more than ten million euros must follow common cyber security standards, for example for audits, risk assessments, the timely import of updates and certifications. The responsible authorities must first be informed roughly about incidents within 24 hours. A report with details must follow within three days.
But what about the cyber security of the tens of thousands of satellites, some of which have been circling the earth for several years? In the 1996 film Independence Day, injecting malware into the computer system of an alien spaceship saved humanity. However, a potential attack with malware that could cause problems for future manned space missions or satellites is also a real concern for IT security experts.
“Cybersecurity is something that’s ground to a halt”
In the early days of spaceflight in the 1960s, cybersecurity was not an issue. At that time there were no massively networked systems like the Internet. The technology aboard the first space paraphernalia was also so bespoke and outlandish that it was considered adequately protected by the “security by obscurity” approach, as Gregory Falco and Nathaniel Gordon of the US Johns Hopkins Institute University in a published in March research paper write. One consequence of this was that crew members or other passengers were given practically full access to IT systems.
Advertisement
“Cybersecurity is something that comes to a halt on the ground,” James Pavur, IT security specialist at software company Istari Global, recently told the Spectrum magazine of the engineering organization IEEE to consider. In the best-case scenario, manufacturers are still thinking about securing the communication link to a satellite. In principle, however, objects in space “trusted everyone to the rest of things in space”.
What is missing: In the fast-paced world of technology, there is often the time to re-sort all the news and background information. At the weekend we want to take it, follow the side paths away from the current, try different perspectives and make nuances audible.
“Open source cybersecurity analysis platform related to small satellites”
The satellite industry itself has recently made strides towards more cybersecurity around automated measurement and transmission of data (telemetry) and communications. With the emergence of a large number of smaller earth satellites in orbit, which fulfill critical missions, securing the ground and space infrastructure against cyber attacks has “become an urgent issue for operators and political decision-makers”, the authors of one stated Article for the IEEE magazine Aerospace and Electronic Systems in August 2019. The essay is about the implementation of modern cryptographic algorithms and perspectives of quantum cryptographic techniques.
The authors propose an “open-source cybersecurity analysis platform related to small satellites”. According to them, the 128-bit Advanced Encryption Standard (AES) is best suited for securing the telemetry and communication channel of CubeSats with a side length of a few centimeters. They also make suggestions for integrating compression and encryption, for example with the help of so-called Huffman coding. In order to improve the resilience of the ground infrastructure against cyber attacks, they recommend creating a redundant arrangement of relevant segments.