Complexity is the enemy of cyber security. Complexity introduces risk in ways that are hard to predict. The more complex a system is, the easier it becomes for adversaries to attack, and the harder it becomes for defenders to defend.
In my 30-year career in intelligence and cybersecurity, I have seen some complex enterprises, but I cannot think of an enterprise more complex than those supporting modern space operations.
If you are in the business, you know the complexity first hand. Satellites, planetary probes, and manned platforms all require precision engineering and embedded computer and communications systems that must function with extreme reliability. Communications to and from space objects require well engineered ground stations with specialized communications equipment and extreme security to make sure only authorized commands are processed by the space object. Depending on the mission of the space object, communications down may also need these extreme levels of security.
Adding to this complexity is the fact that no space object stays within the airspace of any particular nation. Space is a domain where no nation has ownership and all nations may operate. And space objects, depending on their function and orbits, may spend large portions of their orbit within communication range of sophisticated adversaries that may seek to disrupt or damage or deceive them while in operation.
There are many other complexities, including the fact that most of all modern space activities are international, supported by broad coalitions of companies and countries. The supply chains required for any space project are extensive and global.
Over the last 5 years, we have seen cyber attackers take advantage of these complexities in ways that should motivate us all to take action.
We have seen major aerospace and defense contractors fall victim to cyberattacks that have resulted in compromises of sensitive intellectual property. Every integrator and aerospace contractor of any size is struggling to fight malicious code, and all have concerns over the damage that a trusted insider could cause to corporate information. Space assets themselves have been leveraged by criminal groups. At least three different criminal groups have gained unauthorized access to satellite-based communications to provide command and control for malicious code. The methods of the attack involved spoofing and misrouting internet traffic on the ground in ways that let unauthorized traffic transit space-based systems to transmit commands to software the criminal groups control on other people's computers.
All indications suggest that this type of attack will grow. Operators of space systems also need to worry about attacks from sophisticated nations that can intercept, decode, and replicate command and control signals.
There are also threats from the hobbyist with an antenna on a roof who decided to pass commands to a manned mission to Mars. Imagine an unauthorized command being sent by a hobbyist to a capsule halfway to Mars that tells the capsule to alter course, or to jettison fuel, or to start a mind-dizzying spin.
For now, the potential of these attacks is just a nightmare. But the fact that we all know the laws of physics of communications and all have access to commercial hardware and software used in the aerospace community makes these nightmares something to consider.
What can we do to prevent nightmare scenarios in our manned and unmanned space programs? My time helping raise cyber defenses has led to a few suggestions, including to strengthen information sharing in the aviation and space community on best practices in security design and risk mitigation. Design in ways that assume eventual breach by adversaries and enable fail to a known good state for any system. Accept the cost of redundancy in space-based IT, and design in advanced monitoring and reporting for events on any space object. Develop standards of security and operation and ensure compliance by any organization which seeks to launch an object into space. Ensure the ground-based segments of space architectures are well protected, including the enterprise IT of all companies involved in the project. And lastly, establish independent test and evaluation processes and methods, including “red team” approaches to testing platform vulnerabilities. VS