Next-Generation Cybersecurity Defenses Coalesce for Space Systems

It’s no secret that advancements in AI are growing in parallel with the ambitions of foreign adversaries. Although not limited to state actors, the most obvious threats to Western cyber infrastructure are China and Russia – countries with antagonistic tendencies who happen to be launching inspector satellites into space.

Any number of Cold War analogies can be made in 2023, a year we saw the Pentagon ask for $3 billion for AI/ML capabilities while Elon Musk’s Starlink has been integral in the war between Ukraine and Russia. Regardless of the war’s eventual outcome, cyber confrontation is likely to continue at scale. However, experts are optimistic about the future of cybersecurity as it relates to space, in spite of the growing concern over the modern threat environment.

“Service providers, nations, deployed headquarters and users need to take cyber and its relationship with space services seriously across components, with allies, government and key industry partners. The technical and threat landscape has changed, together with the associated opportunities and risks,” said Neil Fraser, director of Defence and Space Programmes at NSSLGlobal, a satellite service provider based in the United Kingdom.

“With the increase in the number of small teams and individuals using satcom, the number of potential ‘attack vectors’ via network links has also risen,” Fraser adds, describing the threat environment. “This means that nodes, hubs, terminals, and user access devices such as terminals, tactical tablets, and personal electronic devices including those being used for welfare, are all at risk of being targeted.”

The Modern Threat Environment

Cyberattacks can have very real consequences on the ground, just look at the hack on Viasat’s KA-SAT ground network just before Russia invaded Ukraine, which took tens of thousands of broadband customers offline in Europe.

“There's the cybersecurity threat and then there's the real threat,” explains Kayne McGladrey, field chief information security officer (CISO) of compliance company Hyperproof, and senior member of the Institute of Electrical and Electronics Engineers (IEEE). “Cybersecurity threat is disruption, like when we saw the Russians invade Ukraine as part of their illegal war, they took down Viasat and not by attacking the satellites themselves, instead, they attacked the firmware of satellite modems on the ground.”

The task of scaling advanced cybersecurity is enormous. Experts believe the key may be the rapidity with which private and public interests come together to meet the day. Indeed, system vulnerabilities are being tested at speeds previously inconceivable. Yet incorporating white hat AI solutions into cybersecurity has technical limitations that CIOs must consider.

Cybersecurity vendors often use AI to help with log analysis, McGladrey explains. While he thinks about the supply chain issue around the amount of processing capacity needed for AI, he says the biggest challenges with AI these days are ethical in nature.

“Can we audit code manually or with humans? Or, can we have automated code checks for software vulnerabilities that would produce cybersecurity defects? There's not yet a lot of regulatory or legal jurisprudence that we can lean on,” McGladrey says.

Even SpaceX founder Elon Musk has raised concerns with the development of AI. Speaking to lawmakers in September, Musk called for Washington to get more serious about regulating AI, saying that AI development “is potentially harmful to all humans everywhere.”

For its part, the White House issued guidance to “rebalance the responsibility to defend cyberspace” back in March, calling out ransomware schemes and social engineering threats bound and determined to undermine America’s democracy. The strategy calls for more investment and renewed focus on an “unprecedented level of collaboration” to create a more resilient network of defense systems.

New government initiatives are in the works. The Justice Department announced a new National Security Cyber Section in its National Security division in June of this year, promising to “increase the scale and speed of disruption campaigns and prosecutions of nation-state threat actors, state-sponsored cybercriminals, associated money launderers, and other cyber-enabled threats to national security,” signaling an all-hands-on deck moment for firms with capable solutions.

With regards to satellite systems, threats began intensifying in quantity and sophistication in the wake of Russian-Ukrainian warfare. The deadly conflict will soon surpass 20 months of war, with cyberwar a key front in the battle. Space-based systems are also receiving attention, and rightfully so.

Leading firms integrating AI into responsive cybersecurity applications, for instance, include Orbit Communications Systems. They recently unveiled the NetShroud+ system that harnesses neural networks and AI to unveil zero-day attacks in real-time. Another company at the forefront, SpiderOak, recently deployed its OrbitSecure cybersecurity tech onto the International Space Station (ISS).

SpiderOak’s vice president of Solutions Matt Erickson recently described the challenges for cybersecurity firms to Via Satellite, describing a pressing need for the U.S. to combat near-peer power players – specifically mentioning China and Russia – as large language models (LLMs) advance rapidly.

“AI is not going to figure out a broad new means of technological attack, but it's going to understand the way that programs typically are built to fail and try and just iterate on that,” Erickson said. “And there will be a little bit of that AI creativity applied to attacks which will be able to guess faster on how your software system might be broken – which is really where we start needing to come into secure by design systems to counteract modern threats.”

In this age of unprecedented cybersecurity collaboration, Space ISAC’s Space Information Sharing and Analysis Center is specifically outfitted for space industry threats. With a sparkling new headquarters in Colorado Springs, the government-backed Space ISAC is preoccupied with AI/ML community of interest (CoI) and the intersection between AI technologies, cybersecurity, and space infrastructure.

Executive Director Erin Miller described how the organization has enabled its 80-member Space ISAC global community to share threat intel. The organization has a “traffic light” protocol that it uses to issue alerts about threats to the global space community, in addition to data sets and visualizations for its Watch Center analysts.

Miller describes the changing threat landscape: “What we're seeing is a number of threats so prolific that we need to adopt AI and potentially ML algorithms to be able to interpret the threat against the attack surface – which is vast and includes an enormous amount of data sets – so that we can empower our network defenders to protect the network as rapidly as possible.”

Space ISAC recently published a white paper on novel solutions for mitigating security vulnerabilities, promising to accelerate successful deployment of AI-enabled solutions in space.

Miller suggested the Space ISAC Cyber Vulnerability Lab is pioneering software security to fill the needs of its member group.

“If you look at the attack surface for space systems it includes ground link and space, and the launch community [is looking for] connectivity back to the business system – that’s the type of solution we're looking for in the future, as well as addressing the supply chain risks.”

A Sophisticated and Scalable Cybersecurity Future

As the ethics of AI/ML are sorted at the highest levels of business and government, critical infrastructure both on the ground and in space are receiving upgrades with cutting edge cybersecurity solutions. It’s just not happening at a pace quick enough for most experts involved.

The Pentagon has long struggled to upgrade the cyber defenses of its space programs, due in part to the larger problems the DoD has historically experienced with software development. U.S. Air Force Secretary Frank Kendall made this point at a recent appropriations hearing, citing the example of the OCX ground control system for the Global Positioning System (GPS) satellite constellation. OCX has faced delays, and Kendall attributed some of them to the need to add cybersecurity features that were not originally part of the design framework.

The DoD Chief Information Officer John Sherman said earlier this year that the march towards zero-trust cybersecurity systems will continue with a goal line of 2027 for developing a strategy. The bar for security with any government system is, as one might expect, is very high.

To help set that bar, the U.S. Space Force launched the long-awaited Infrastructure Asset Pre-Approval Program (IA-Pre), which establishes cybersecurity requirements for commercial satellite communications providers working with the U.S. military. Other organizations must pass the DoD’s test using the Cybersecurity Maturity Model Certification (CMMC) for business partners of U.S. national security.

The modern threat environment presents challenges for companies with ground systems solutions. One such company, UltiSat, is focused on delivering secure by design systems for the U.S. and allied governments, NATO countries, the United Nations, UNICEF, and the World Bank among others. Leadership told Via Satellite that UltiSat acknowledges and is prepared for the pressing need to stay ahead of the curve, evolving to meet client expectations and deliver information assurance at scale.

On the subject of zero-trust solutions, president and CEO UltiSat David Myers said his company has already embraced zero-trust solutions. He noted that attacks that were once theoretical are now very real.

“The philosophy of cybersecurity has changed over the last few years,” Myers said. “Used to the thinking was, ‘We'll build a network and afterwards we'll put a fence around it.’ But that doesn't work anymore. You need the proverbial fences built into the network that prevent someone from penetrating. Maybe they get through level one? But they can't get to the next tier, the next tier and so on. That kind of architecture has changed the thinking [and concerns over] not just the network, firewalls, intrusion detection and those kinds of things – but also physical security.”

To address the evolving cybersecurity demands on networks, UltiSat designed its GC5 Satcom Service, a managed service that provides a purpose-built secure network for government operations.

“Our GC5 network is a government-grade, secure network that can be bought one unit at a time,” noted Myers. “Normally government grade networks are big, long monolithic procurements and the government's going to buy a five-year contract for hundreds of units. But we've built it as an off the shelf service.”

UltiSat is hyper aware of the counteroffensive measures needed to combat many of these threats – especially when it involves UltiSat’s hyper-encrypted, fiber network-based ground systems that link to important Low-Earth Orbit (LEO) satellite services and cloud-based services. The company is one of the very few authorized integrators for SpaceX’s Starlink (and Starshield, the government version of Starlink).

Myers and other experts interviewed for this article describe a new level of vigilance required to defend against cyber threats.

“We used to imagine China or Russia or somebody with a huge cyberattack farm – lots of people sitting behind screens all day,” Myers says. “But with ML and AI, you can create bots that are constantly going out and trying new permutations to break into networks. We’ve got a team of people who, all day long, monitor our networks and our infrastructure, run penetration testing, run drills to kind of see what happens. It is a different level of vigilance than in years gone by.” VS