Evolving Cybersecurity in the NewSpace Era

In 2016, a team of Chinese physicists pushed quantum computing into a new era of possibilities with the launch of a 1,100-kg satellite called Micius. The spacecraft, which carried a specialized quantum optical payload, was able to distribute entangled photons to multiple ground stations in different locations — “[illustrating] the possibility of a future global quantum communication network,” the team’s paper stated.

The achievement was a brilliant testament to physicists’ progress in understanding quantum networks, which have been widely described as being unhackable. But it was also an ominous reminder of the cyber threat that looms just ahead. The National Institute of Standards and Technology (NIST) recently issued a solicitation for cryptographic systems secure against both quantum and classical computers, warning that such technology and others could soon compromise the “confidentiality and integrity of digital communications on the internet and elsewhere.”

So with cyber menaces growing ever more advanced, how are satellite companies adapting to keep their data safe? What will cybersecurity look like in Space 2.0?

Improved Security and Higher Throughput with Laser Comms

Multiple companies have honed in on laser optical communications as the next evolution in satcom. SpaceX, Telesat and LeoSat are all incorporating laser technology in their Low Earth Orbit (LEO) constellations. Simultaneously, companies such as Airborne Wireless Network (AWN), Mynaric and LGS Innovations are developing laser capabilities in other adjacent domains including aviation and deep-space communications.

RF has traditionally been the go-to for space-based communications, but as Bridgesat CEO Barry Matsumori points out, limited RF spectrum is proving to be a significant challenge for every operator hoping to expand their business. And while some are considering moving to upper frequencies such as V- and W-band, the performance of such wavelengths can be severely inhibited by atmospheric attenuation.

“One can go to optical and it also has those atmospheric constraints,” Matsumori admits, “But the technology behind it and the available hardware is more mature than in these other RF bands. One of the reasons it’s so mature is because all the technology being used for optical communications in space is fundamentally based on fiber optic cabling that’s done on Earth and reusing the propagation techniques that are already known and quantified by programs from NASA, ESA, and NICT/JAXA.”

Laser also brings with it a host of cybersecurity advantages over traditional RF, says LGS Innovations’ CEO Kevin Kelly. Firstly, laser is more difficult to detect simply due to the physics. “RF communications inherently involves a lot of omnidirectional scatter. Radio waves propagate in concentric circles, like the waves in a pond if you were to throw a pebble in the water, and then reflect off other objects allowing those waves to be received at an unintended destination,” Kelly says. The size of an RF beam pattern transmitted from LEO will be several kilometers wide (around 100 km, Matsumori estimates). In comparison, the width of a laser beam from an identical altitude would be just 300 meters. “Unless you are directly in the path of that beam you’re unlikely to observe the communications at all. That’s one aspect of cybersecurity that makes laser communications compelling,” Kelly says.

According to Kelly, it’s “relatively straightforward” to layer bulk encryption over the data before its excited to the photonic level and transmitted down to Earth. One can also create custom waveforms that only the user will know how to decode — although he admits this is not “the most economic solution,” and is a technique mostly employed by well-funded governments.

As an added bonus, laser optical communications can achieve data rates “unheard of in the RF domain,” Matsumori says, making it extremely attractive to operators of telecommunications satellites. LGS Innovations, which NASA selected to support its Integrated Laser Communication Relay Demonstration (LCRD) Low-Earth Orbit (LEO) User Modem and Amplifier (ILLUMA) project, expects its laser modem to achieve anywhere between 10 to 100 times the data throughput of an RF channel. “For instance the data rate that we’ll be demonstrating for the ILLUMA program will be 1.2 Gbps. Currently the International Space Station (ISS), through the Tracking and Data Relay Satellite (TDRS) [network], is communicating at 300 mbps,” Kelly says.

Because of the higher throughput potential alone, Matsumori believes it’s entirely possible that GEO telecommunications spacecraft in the future will rely exclusively on laser optical technology for backhaul. “As data volume and data demand goes up, RF is going to start running out of bandwidth to be able to support those rates,” he says. High Throughput Satellites (HTS) in particular are now requiring multiple ground stations to support large bandwidth backhaul RF signals. “If you go optical, you always use only one ground station — so there’s a capex impact as well as throughput,” Matsumori says.

New Age Architecture

While LeoSat also intends to use laser optical communications for its constellation’s inter-satellite links, much of the company’s defensive posture stems from the inherent design of its architecture. The company is essentially building a satellite-based Virtual Private Network (VPN) that will allow its customers to transmit data from Point A to Point B without ever going through terrestrial gateways. The data is thus able to bypass the majority of the cyber threat surface, says Michael Abad-Santos, LeoSat’s senior vice president of the Americas.

Standard satcom transmissions are usually routed through teleports on the ground before local telecommunications companies push the data across the internet. The data hits multiple nodes along the way, any of which could be a vulnerable entry point for malicious actors. LeoSat’s network, then, is naturally more secure, as the data can cross that same distance without coming back down from space until it reaches its ultimate destination.

Still, LeoSat is taking extra precautions when it comes to keeping that data secure. For almost a decade, the United States military has strictly adhered to the Committee on National Security Systems’ Policy 12 (CNSSP-12), a set of guidelines regulating the protection of satellite communications. CNSSP-12’s primary concern, Abad-Santos says, is protecting Telemetry, Tracking & Command (TT&C) links. As such, LeoSat will add a layer of encryption over the data it transmits to ensure the company is “as close to CNSSP-12-compliant as possible.”

LeoSat’s network is designed to support a range of enterprise applications, such as weather, shipping and mining data for oil and gas companies, for example. But this level of security is particularly important for the operator’s government customers, who will need to transmit ISR data discreetly, Abad-Santos says.

“Our technical team, our space systems designers, our ground architecture people … are all taking cybersecurity into account when we’re designing the system,” he says. “There are plans to hire not only a Chief Information Officer (CIO) to handle the data applications but we’re also going to be hiring a Chief Information Security Officer (CISO). That person will determine what resources we need.”

A number of the constellations destined for LEO have the advantage of short satellite lifespans (around five years), meaning their networks can easily be refurbished as new cyber protections emerge. LeoSat’s satellites will have relatively longer design lives at about 10 years. But because its spacecraft are based on Field-Programmable Gate Arrays (FPGAs), the company will be able to upgrade its software as needed.

“We recognize that the world is changing, so we are trying to be forward-leaning in regards to ensuring that our customers’ information is safeguarded the entire time it traverses our network,” Abad-Santos says. “We’re trying to … [accommodate] as many security requirements as possible.”

Building In Security from the Bottom Up

While most tech companies are beginning to understand the necessity of strong cyber protections, there are a few common pitfalls Spohn Security Solutions consultant Tim Crosby continues to observe. First of all, it’s not all about pricey firewalls, he says. “[Companies] invest a lot of money in the technical countermeasures but forget the human factor. They don’t invest in the training or developing a culture of cybersecurity from the bottom up — making sure the basics are taken care of before they implement huge expensive countermeasures that can be circumvented by one person clicking on the wrong thing,” he says.

Crosby asserts that satellite companies must remember that their employees are the tip of the spear — and that they shouldn’t have to worry about losing their jobs if they make a security misstep. “If you see something suspicious, report it. You get an email you think has a funny link in it, report it. If you clicked on it, fess up,” he says. “That could be the one thing that allows a bad guy in.”

While there are risk management companies that can help determine proper cyber protections, ultimately it’s up to the companies themselves to figure out the value of their data and what resources they can afford to keep it secure. “Every organization has to go through hardcore data classification, which is the crux of all this,” Crosby says. “Until you do that, you can’t determine whether you’re applying the correct security countermeasures to protect it.” VS

previousReady or Not, Here Comes 4KnextRegional Roundup: April 2017