Over the past decade, there has been a proliferation of space-based technology. Increased affordability and accessibility of satellite and other space technology have led many countries and enterprises to get involved. Space technology is playing an increasing role in the day-to-day operations of businesses, militaries and the lives of individual civilians.
With greater affordability and accessibility of space has come greater cooperation between public and private entities and military and civilian organizations. For example, SpaceX is a private company that regularly delivers humans and equipment to space for NASA. The Pentagon has also contracted with SpaceX for use of its Starshield satellite network for military purposes. The overall increase in scale, scope and interdependency of space technologies across public and private sectors also drives a need for more cybersecurity capabilities tailored to rapidly evolving space infrastructure — and the ground-based technology that supports it.
This combination of rapid growth and technology proliferation with increased public-private collaboration is driving several major cybersecurity trends in space. First, there is an increased demand for distributed cybersecurity technology that can work across organizations and widely distributed assets, such as ground stations and satellites. Second is the adoption of zero trust technology to enable secure connections and data sharing across different organizations, classification levels and more. And finally, the increased public awareness of potential cyberattacks in space, which is driving discussion around whether space should be considered a critical infrastructure sector.
Increased cross-sector collaboration in space
Historically, satellite technology, both hardware and software, was custom-built and only available to government agencies. Only a small number of countries had the ability to launch satellites into space. This provided a degree of “security by obscurity” against cyberattacks that are rapidly evaporating. Over the past several decades, private companies have accelerated innovation in space technology and have outpaced government space agency launches. In Q1 2023, SpaceX launched over 700 spacecraft into orbit, the majority of which were communications satellites. As private companies move rapidly to both build and launch satellites, governments are looking to collaborate, to tap into the value and pace of innovation enabled by private companies.
This raises urgent cybersecurity challenges. Governments hoping to use commercial communications satellite networks to rapidly relay data across the globe must be assured that the sensitive data they are transmitting is secure. If a government purchases satellites manufactured by a private company, they need to know that the technology has been built with the highest cybersecurity standards in mind. Private companies may use commercial, off-the-shelf technology in building their satellites, as confirmed in a talk at BlackHat 2023 in which a researcher found basic security flaws in several models of commercial and government-used satellites.
Governments know they need to rely on private companies' innovation to create new technologies to achieve cybersecurity goals in space, as much as they have come to rely on private companies to build and launch satellites. As more and more critical government functions, and the livelihoods of civilians, rely on an interconnected web of public- and privately owned space and ground infrastructure, cybersecurity across these assets grows more important than ever. There has been ongoing discussion as to whether space should be designated a critical infrastructure sector by the U.S. government. This would potentially increase regulatory guidance and funding for the cybersecurity of space resources. Currently, space forms one component of several existing critical infrastructure sectors, but is not, in itself, designated as such.
The establishment of the Space Force represents a substantial stride in fostering collaboration and underscores the evolving nature of warfare. It also kicked off a much-needed educational campaign about space safety. Now, all are beginning to understand that funding, next-generation research, and securing all types of space infrastructure is paramount. This requires striking a delicate balance between international collaboration and the protection of sensitive military intelligence, as well as the intellectual property of government contractors and the defense industrial base.
Growing adoption of distributed cyber
The highly distributed nature of space assets creates tough cybersecurity challenges. Many satellites are already in orbit, and updating their built-in cybersecurity measures is difficult or impossible. Ground stations that send and receive signals to and from many different satellites could be targeted by attackers hoping to either steal valuable remote sensing data, intercept classified military data, or even sabotage satellites in orbit. Securing all of these assets, while still allowing them to do their job of gathering and distributing data at a speed that enables worldwide private and public business and military activity, is a nontrivial challenge.
One of the core challenges is that of sending and receiving sensitive data among these assets while being sure that the data is not tampered with, corrupted or accessed by unauthorized individuals along the way. Remote sensing data, for example, high-resolution cameras, and other sensors mounted on satellites, is valuable but must be transmitted rapidly to retain that value for mission assurance. How do users capture images on a satellite, transmit them across a network of other private and public satellites, and ultimately to a ground station, to someone who needs to make a life-or-death decision, while ensuring that data’s integrity along the way?
Secure data sharing across various space systems introduces a large challenge in distributed cybersecurity, particularly concerning redundancy and trust. The ramifications of data tampering can be substantial. Even a minor deviation from specifications during a space launch, caused by tampering, can have real-world consequences, potentially resulting in the loss of human life.
A holistic perspective should be maintained regarding all participants in the cyber landscape. To illustrate this, consider the example of Putin's invasion of Ukraine, where a satellite internet provider widely utilized throughout Europe and by the Ukrainian military faced an unprecedented cyberattack. This is a stark reminder that as space systems continue to become more interconnected and intricate, cyberattacks are rising — and electronic warfare has arrived.
Acceleration of zero trust adoption
The realization is dawning upon nations that the same zero-trust principles that have proven essential for securing systems on Earth must now extend to those operating in space. This shift is underscored by the Defense Department's Zero Trust Roadmap, highlighting that both the defense industrial base and military organizations have already identified zero trust as a top priority. However, the current challenge lies in the practical implementation of zero trust within the unique context of space.
Many areas must be secured rapidly with zero trust tech, such as ground communications and satellites. For ground station operations, securing legacy access while also bridging to modern assets is a critical need. Protecting launch facilities is also important, as they are massive facilities with complex, potentially vulnerable industrial control systems. The U.S. Space Force is leading the way in adopting innovative, privately developed security solutions and, more generally, in fostering productive collaboration between commercial entities and defense agencies to secure the space domain.
Uptick in public awareness of cyber threats in space
In a proactive move to expand visibility around space vulnerabilities, the U.S. government launched a satellite into space in August of 2023 with the explicit purpose of serving as a target for hacking exercises. This strategic initiative aimed to assess the cybersecurity landscape of space technology while simultaneously elevating public awareness regarding potential threats in the cosmos. This mission not only shed light on the ease of hacking into space assets but also caught the broader public's attention, increasing global support for space cyber-hardening.
Despite the evident risks and growing awareness of space vulnerabilities, space being officially designated as a critical infrastructure sector is still an ongoing discussion. The designation would acknowledge the intrinsic importance of secure space technology and establish a framework for implementing regulations and oversight. It is a necessary step to protecting not only our nations but the future of space exploration — and having support from the broader public may just be key.
Space as the new cybersecurity frontier
As space enters its new era and is reprioritized, technology — and those that create it — continue to sit at the forefront of all space-related initiatives. With attacks rising, there’s no question that deep collaboration and cybersecurity for space needs to evolve rapidly to protect the growing and changing space landscape. Zero trust innovation and strong collaboration between public and commercial entities must be our guiding star to ensure a future where space is secure.