Satellite Cyber Influencers Discuss Evolving Landscape
In September, U.S. President Donald Trump signed a Space Policy Directive establishing the first comprehensive cybersecurity policy for space systems in the U.S., a landmark piece of space policy that will play a key role in the protection of U.S. space systems and assets. It shows the importance of keeping space based assets secure. The question now, is what the satellite industry can do to make sure it stays ahead of the curve.
October 1, 2020
CyberSatGov this year will further explore the relationship between the US government and the commercial satellite industry. Here, we talk to a number of key players in the satellite industry about what is next and how the threat landscape is changing as we head into this new decade. With issues surrounding the supply chain of satellite/space companies, as well more satellites being launched, it has never been a better time to be in the space industry. However, the risk has never been as great as it is now for a major incident involving a satellite, given there are more of them, and many will be closer to Earth.
If the theme of this feature is about ‘staying ahead’, it is worrying to hear a satellite executive say the industry is behind in some aspects but that is what Steve Reeder, Senior Architect, Cyber & Engineering, Envistacom admits when examining security issues surrounding ground infrastructure. He says, “Look at ground-based telecom companies and the types of cybersecurity services they have brought to market over the past 10 years. The satcom industry is behind, because they are still mostly driven by commercial market demands, but I expect to see them follow a similar evolution. What the business world is now demanding is higher levels of protection. The days of saying my global traffic is protected by an MPLS [Multiprotocol Label Switching] network are over.”
Reeder believes cybersecurity is becoming paramount in every aspect of satellite communications. He talks of cybersecurity being baked into the design and implementation of a satellite constellation and ground stations. He believes more commercial satcom operators will implement cyber defense services into their ISP transport services.
Nate White, vice president of Communications for Peraton agrees that the satellite community has only recently started to embrace the need for robust cybersecurity, resiliency, and active approaches to maintain interference free communications. He says that cyber attackers are adept at finding the weakest link in any infrastructure system and exploiting that in a low-cost manner.
“It’s not apparent that space assets have received the same focus from the community. There is still a widely held belief that satellites are less vulnerable because they are ‘air-gapped’ — at great distance from the Earth. However, satellites are susceptible to malware that may be inserted via the supply chain or as part of the communications link between satellite and ground. A cyber attack on ground infrastructure may be recoverable, while a cyber attack on a satellite can be catastrophic,” he says.
White says he has observed a trend that many fleet operators are hiring Chief Information Security Officers (CISOs) from telecommunications companies to develop their approaches to vulnerabilities across the ground network and terminal systems.
Steven Montgomery, general manager of Cyber Solutions for L3Harris C5 Systems believes over the next year the industry will see development begin for some Space Development Agency (SDA) projects and other smallsat demonstrations with prototyped cybersecurity measures. He believes it will likely take several years to standardize, develop, and deliver a trusted core of security solutions such as fully evaluated Root of Trust (RoT), network encryption, and cross-domain solutions which can be accredited for cloud based, autonomous processing in space. He says none of these solutions are currently available beyond prototype Technology Readiness Level (TRL) maturity. He believes the threat landscape is continuously changing and the operational security solutions will need to implement an on-orbit trusted upload mechanism to counter a changing cyber threat landscape.
A big topic in Via Satellite has recently has been the onset of Artificial Intelligence (AI) and Machine Learning (ML) in operations of space companies. This could be a double-edged sword for the industry as we look at some of the tech trends in this area. It can be used by friends and foes alike. Kent Varney, Director of Cyber Engineering, Lockheed Martin Space talks AI and ML being used in orbit for threat detection and mitigation. Varney also believes we will begin seeing more wargaming and cyber ranges that better simulate and prepare cyber operators to counter threats. Having better cyber situational awareness is key to preparing against an attack. He also believes we will see wider adoption of secure coding practices and DevSecOps happening across industry and government. He thinks when you focus on cyber resiliency for your systems and platforms up front, it reduces costs down the road and increases resiliency to ensure mission survivability, he says. As zero trust and defendable architectures become more common, space systems and platforms will function with increased resiliency against our adversaries.
“Additionally, new advances in technologies such as 5G, Quantum Key Distribution [QKD], and Software Defined Networks will be assessed for bringing new capabilities and challenges to the cyberspace arena. So, it’s important we take a holistic end-to-end approach to cyber security to drive mission survivability,” he says.
Operator Look to Ensure Cybersecurity Throughout Supply Chain
Satellite operators have unique networks and eco-systems. They invest a huge amount in space based assets and the resulting ground infrastructure. They face the challenge of making sure there are no weak points across their networks and supply chains. Phil Mar, vice president and chief technology officer, Information Assurance and Cybersecurity at Viasat says the company is taking a holistic approach to building, acquiring, and managing its satellites. This goes from the very beginning of the design, development, and acquisition process, the company incorporates a robust information assurance and cybersecurity program, and it maintains this program focus throughout the entire life cycle of the satellite ecosystem.
“We think about Supply Chain Risk Management [SCRM], Software Development Life Cycle [SDLC] management, design information control, built-in cyber monitoring and Telemetry, Tracking & Control [TT&C] cryptography, to provide a few examples. We also need to think about third-party suppliers. For example, in the past only a few sources built a bus or payload. Now there are more options, and as an operator, we must bring new thinking in our integration of third-party resources, ensuring minimal malicious activities are introduced into the design, development and acquisition processes,” Mar says.
Viasat has seen increased interest and attention focused on cybersecurity from both government and commercial customers. “Awareness of the frequency of cyber attacks and a deeper understanding of the potential global interruption and damage to communications, business and overall operations has placed a sense of urgency and importance on the topic. Furthermore, the U.S. government includes both cyber and space as contested battlespace environments — which has elevated the need for enhanced cyber network hygiene,” he says.
When analyzing potential threats, Vinit Duggal, vice president of Network Engineering for Intelsat says the operator is always looking for the weakest link. Intelsat uses a combination of internal and external resources to continually assess its security posture across its enterprise and service offerings. Over the years, Intelsat has found Very Small Aperture Terminal (VSAT) systems have had the most exposure.
“Typically, when we find issues our security teams implement mitigating controls and work with the vendors to close the gap permanently. However, there is always room for improvement with the VSAT players. Security is still somewhat of a backburner item with these partners and they do react when our teams uncover issues. However, I would like to see our VSAT ecosystems partners take a proactive approach to address security and seamlessly integrate the right controls into their product development cycles,” says Duggal.
Duggal says Intelsat has expanded its service portfolio and pushed further down the value chain with its customers. Intelsat has had to expand its capabilities to ensure the entire service chain is secure. “This means we are working with our ecosystem partners and customers so that we are all on the same page with respect to the lines of demarcation and what controls are in place to ensure the availability of the service,” he says.
One of the big issues facing the satellite industry is that as more software-defined satellites come online, that could offer another potential line of attack for malicious actors. On whether this makes satellite assets more vulnerable, Mar believes firstly that we need to understand that not all Software-Defined Radio (SDR) designs are created equal. He adds, “Additionally, the dependency and reliance on open source software and information assurance architecture designs greatly impact the security of any satellite system. We must remember, the U.S. Government has been relying on SDR technology for 20 years, and has incorporated techniques to leverage flexibility while maintaining security.”
On this issue, Duggal believes you need to decouple the satellite control from the actual services. He says satellite control will not change much for Intelsat, and that the company has some very effective frameworks and controls to protect its fleet. “We will continue to manage and evolve these strategies. The dynamic nature of software defined services over satellite will need to be evaluated separately. While we have successfully started building software defined services on the ground, we have just started to dip our toes into defining our next generation fleet, we will implement our security process as we do with everything else here to ensure we are meeting our customers availability needs,” he says.
Montgomery believes software-defined satellite security can be enhanced by implementing a RoT hardware component to verify software integrity and facilitate a trusted upload process for software updates. “The RoT hardware must be developed using high assurance evaluation standards and act as a security monitor to minimize the impact of software vulnerabilities. RoT is a critical component in implementing a system-wide zero trust architecture,” he says.
Reeder says in order to combat this threat, Envistacom has cybersecurity and PEN tester members on the design and development teams from the start. He talks of the importance to build software that is cyber resilient from the start. “We address the software maintenance control path. This has been one of the largest attack angles on all modern technology products. The government has developed very robust methods for doing this in high value government assets and could assist commercial developers with better management and control plane implementations for reduced risk. The key is multiple paths for control and the ability to reimage in the event of attack. This means the underlying control may need more than one level,” he says.
Security Risks in LEO, MEO, and GEO
The satellite landscape is becoming more multifaceted than ever before. Satellites are being launched into different orbits, closer to Earth, and in larger quantities than ever before. As the satellite industry changes as a result, will satellite assets become more vulnerable? Duggal believes the differentiator with respect to the security of various orbits will be focused around operating models and the costs associated with maintaining the ground across all of these. “Ensuring the security of the command and control aspects will be generally the same if addressed correctly. The scope varying from large security footprint in LEO [Low-Earth Orbit] to a smaller footprint with GEO [Geostationary Orbit]. The biggest security impacts will be with how security is addressed across the core service offerings across these orbits — consumer, enterprise, mobility, etc. Those will all differ in how they are instantiated across the various service chains,” he says.
Large satellite constellations pose a different challenge from the size and scale of network, according to Varney. “When you begin networking systems together, you open the door to being able to take control of not just one satellite, but potentially the entire constellation if you don’t build cyber protections in from the start. SmartSat, Lockheed Martin’s software-defined satellite system, offers a new level of vehicle satellite through software and hardware-based intrusion detection, secure coding, encryption and identity management. We’re bringing the same degree of network security that we see here on Earth into space,” he says.
White admits when the increased vulnerabilities introduced by intersatellite links to existing and future LEO fleets are factored in, the chances of the cascading impact of an attack increases “exponentially.” He says cyber vulnerabilities are not isolated to a single satellite or one constellation, and that future internetworking capabilities could increase the vulnerabilities of multiple constellations to cyber threats.
“The satellite industry will need to consider lessons learned from terrestrial internetworked telecommunications carriers to combat future threats. Although LEO constellations offer more accessible targets for direct kinetic attacks — which could cause chain reaction debris collisions — having more satellites can provide additional resiliency to attack as well as a greater threat surface that makes it less likely that a malicious actor can critically impact enough space assets to disrupt these widely distributed capabilities,” White says.
Montgomery says the trend is to add constellations with lower orbits demands smaller, higher quantity satellites with security that can operate with complex networking and highly autonomous architectures. He believes these novel security solutions have not yet been implemented in space-based networks. He thinks the challenge here is to leverage and/or tailor existing security standards so the industry can rapidly develop interoperable solutions which can be reused across diverse missions to facilitate rapid launch cycles at a reasonable price point.
Mar says that all space and associated ground infrastructures from LEO, MEO, and GEO are subjected to remote cyber attacks, just like financial institutions, utility power grids and other critical infrastructures. “We find the main factor is the proliferation of networked topology; however through the use of more commercially-oriented technology, space networks can leverage critical advancements, including unprecedented sensing and communications capabilities to detect potential cyber attacks — all while keeping the cost of deployment and operations down,” he says.
What Satellite Tech Companies Are Bringing to the Party
While all agree that the threat landscape is evolving, the onus will be on satellite companies to bring technology to help improve the overall security of space assets. So, what kind of tech are they bringing to the table? L3Harris is currently investing in a core set of security solutions for trusted processing hardware, highly networkable cryptography and cross-domain solutions that can be quickly and affordably accredited in a wide range of national security satellite constellations. These investments will pave the way for practical security solutions needed for hybrid LEO/MEO/GEO operations. Montgomery says the company’s solutions will ensure resilient and secure operations in a highly contested dynamic space and ground environment.
Envistacom is developing unique secure transport services that are agnostic to the underlying satcom operator and implementing techniques to hide the customer traffic — essentially enabling the government to hide in plain sight, according to Reeder. He says one disadvantage of dedicated government assets such as Global Broadcast Service (GBS) and Advanced Extremely High Frequency (AEHF) is that the enemy knows these are transporting government traffic.
“When using commercial satcom systems, the government’s traffic will represent a small percentage of the overall traffic and hence efforts can be made to hide the government traffic, making the enemy’s job much harder. This can be more effective than hardening the actual underlying system, which would require influence on the satcom design and development phase,” he says. “With virtualized waveforms in multi-orbit operation, transmitted information becomes highly secure. Envistacom is also bringing multiple ground station technologies to market which will enable such highly secure transmissions.”
White says Peraton has a host of capabilities to address new and emerging space threats. These include mission management software, TT&C software, cyber defense solutions, and direct support of government space domain awareness. Peraton’s Mission Management Suite, OS/COMET TT&C software, and professional services team manage the flight and mission operations of many commercial and government satellites today. “This enables those systems to quickly react to any disruptions. Our cyber defense solutions and space domain awareness teams protect critical scientific and national security space missions across several government organizations,” he says.
Lockheed Martin has recently completed installation of new M-Code Early Use software and hardware that includes Lockheed Martin’s Red Dragon Cybersecurity Suite. The upgrade significantly improves cyber situational awareness into the GPS network, according to Varney. “Space is a key enabler that must be protected end-to-end – That’s why Lockheed Martin developed the Cyber Resiliency Level [CRL] model to better measure cyber resilience and guide improvements to systems. The model uses six categories, which align with DoD customer requirements and hard problems mitigation. The CRL team measures the customer’s overall risk tolerance to determine ways to reduce possible cyber threats within systems. The team then coordinates with all stakeholders to make recommendations on prioritized courses of action to mitigate threats and increase overall resiliency,” Varney says. VS