In April, a report published by the European Space Agency (ESA) confirmed that a team of hackers from Thales Alenia Space successfully demonstrated its ability to covertly access parts of ESA's OPS-SAT spacecraft. The team accessed the control layer of the satellite and demonstrated how they "tamper with images taken with the satellite's camera and rotate the spacecraft away from its normal pointing," according to ESA.
The confirmation of the ESA demonstration came during the same month a leaked U.S. intelligence report described cyber weapons being developed by China that can seize control of enemy satellites during a war. Both reports come more than a year after Viasat's consumer-oriented satellite broadband service experienced a partial interruption due to a multifaceted cyber-attack.
One company trying to establish a new approach to cyber-securing satellites and other critical assets is Phosphorus, the Nashville, TN-based provider of the extended Internet of Things (xIoT) cybersecurity system. Its approach to protecting satellites and other assets is to automate the process of remediating IoT and network device vulnerabilities, including out-of-date firmware, default credentials, and risky configurations, among others.
Phosphorus VP of Product Management Sonu Shankar explained why cybersecurity risks to satellites will continue to be a concern for government and industry, and what type of attacks he believes will increase in quantity in the future.
Tech Briefs: Why have satellites become a major target for hackers?
Phosphorus VP, Product Management, Sonu Shankar: Targeting satellites for cyberattacks can provide a significant strategic advantage for conventional kinetic warfare, especially when they are launched in concert with invasions on the ground. The Russian campaign against the U.S. satellite company Viasat is a recent example of such an attack. APT groups such as Turla have also been known to engage in attacks targeting satellites to augment other, more traditional cyberattacks using satellites to exfiltrate data from remote areas.
Tech Briefs: What type of vulnerabilities exist within in-orbit satellites that could expose them to malware or ransomware?
Shankar: Satellite communication networks consist of several critical components, including ground station systems, network gateways and modems, and various control center devices that are IP-connected.
Tech Briefs: How can satellite manufacturers and network operators develop or embed cybersecurity protection methods against new and emerging threats?
Shankar: Operators need to be aware of the fact that these end-to-end networks inevitably include both brownfield and greenfield devices, and as such are likely running firmware that is outdated or vulnerable to multiple critical vulnerabilities. These embedded devices are also often shipped and deployed with weak default passwords that are rarely changed or rotated. Furthermore, effective configuration management is crucial for ensuring that embedded devices are not susceptible to attacks resulting from risky configuration settings. It is essential to regularly review and update the configurations of these devices to maintain their security posture.
Tech Briefs: When you look at the type of equipment, devices, and/or technology that bad actors are using to enable such attacks, how sophisticated or advanced must their equipment be and how easily are they able to obtain it?
Shankar: Almost every subcategory of cybersecurity, such as network, email, endpoint, and cloud, has evolved significantly to become increasingly sophisticated. However, one aspect of the overall attack surface that is poised to dramatically grow in relevance in the coming years is that of IoT, which includes connected embedded devices that are unable to run traditional Endpoint Security agents.
Tech Briefs: What type of attacks against satellites or other assets do you expect to grow in the near future?
Shankar: IoT has been growing at a faster pace than other attack surface aspects, especially as the cross-domain nature of the IoT brings in diverse operating systems such as Linux, Windows, and Real-Time Operating Systems (RTOS), as well as a multitude of network protocols. As a result, the IoT aspect is often overlooked or ignored despite being the most diverse, directly contributing to the very high likelihood of IoT attacks over the next few years.