Is The Satellite Industry Ready for Cyberwarfare?
Satellite cybersecurity is gaining more attention in the industry and among government officials, with raising concerns about a cyber warfare. The biggest space powers are taking the lead in satellite cybersecurity, while governments are publicly addressing how challenging it is to pinpoint security flaws, asking feedback and soliciting industry ideas to better defend satellites from cyber-attacks. The investments and initiatives that have been taken so far in the set-up of satellite cybersecurity have been a strong start. However, there remain security gaps in the defense against “new types of cyber-attacks” and security integration on different fronts.
NSR’s Satellite and Space Cybersecurity Markets (Cyber) report forecasts cumulative cybersecurity revenues of $33.2B in the commercial segment and $5.9B from Government and Military over the next decade. Previously, NSR stated that SATCOM will generate 93% of all revenues due to the large volume of satellites in non-GEO. Nonetheless, high cybersecurity revenues for SATCOM does not address the growing threats in other applications across the satellite sector. There are many types of cyber-attacks that can target different satellite applications.
Assessing Risk, Probability and Impact
For instance: a malware attack can be conducted on the ground segment but also on the satellite payload of any satellite that exposes some vulnerabilities. Similarly, data corruption attacks can occur on EO, SATCOM and Navigation satellites on the ground segment or the satellite link.
Historically, NSR has observed more eavesdropping, jamming, and spoofing attacks on satellites than other forms of attacks such as hardware backdoor, malware, or denial of service attacks on satellites. This is due to multiple reasons:
- The attack surface used to be limited, with fewer players, fewer satellites, fewer satellite operators and technologies present in the satellite industry.
- Nation state hackers mainly conducted cyber-attacks on satellites to spy on other nations and to intercept the spread of fake news.
- For years, the satellite industry has been in a ‘luxury’ position to remain in the background and “out of sight” of attackers, who predominantly focused on other sectors such as banking, retail, healthcare, or government agencies.
In a nutshell, satellite cybersecurity does not look the same as it did twenty years ago, and threats continue to become more severe. The attack surface has been expanding together with the attackers’ capabilities, and non-state hackers are now conducting cyber-attacks on satellites for personal and financial gain.
Satellite cybersecurity has also been put in the spotlight after the threats it exposed during the war in Ukraine, and cyber warfare has become a normal phenomenon where cyber-attacks are being conducted regularly to damage critical infrastructure and burden another nation’s economy. Hence, what the satellite industry is fearing now can become a reality soon, i.e., ransomware and other forms of cyberattacks as we have seen across other industries coming to the space industry.
The risk assessment below is a generic model of the application specific matrixes showing different cybersecurity risks that are applicable to all satellite applications.
The probability and impact of an attack can differ depending on who is conducting the attack (non-state/ state hacker) and for what motive. For instance, the likelihood that state hackers will conduct eavesdropping attacks on other nations’ satellites is high, because multiple governments have eavesdropping satellites. The impact of eavesdropping is “medium” because it will result in data theft but no physical damage to the satellite unless the eavesdropping satellite gets too close and potentially collides with the satellite it is spying on. Cyber-attacks on the supply chain are common in terrestrial networks and can have a very high impact if it leads to unauthorized access of the satellite. In this case, the operator is at high risk for loss of control over the spacecraft and the end user would be at risk for data theft and revenue losses.
For some types of these attacks, particularly those that the satellite industry experienced more often (spoofing, jamming, eavesdropping, replay) there already exist solutions such as anti-jamming capabilities that secure military operations. In addition, governments, especially those in the midst of a cyber warfare, are investing much in the development of cybersecurity standards.
Going Beyond Standards
Satellite operators will do what is within their control to protect the data and the satellite, often working with some of the leading cybersecurity vendors or purchasing customized security solutions. However, these anti-jamming capabilities, customized vendor solutions, and standards may not always suffice to defend against those attacks analyzed earlier. And beyond these methods that comply with government standards, some may argue that the responsibility shifts from satellite operators to the end user, who often have no or minimum methods to secure their data. This creates security gaps and “entry gates” for the attackers to do their work.
There are few companies who, prior to this recent cyber warfare, have invested in additional cybersecurity such as anti-jamming capabilities unless it is to serve government and military customers. SpaceX and OneWeb are developing more advanced cybersecurity features on their satellites. Xona Space Systems and Trustpoint are also aiming to enter the navigation market with more reliable anti spoof and anti-jam capabilities. But these are only a handful of players out of many companies that are equally at risk for cyber-threats. Hence, satellite operators and end users share a responsibility to go beyond the minimum requirements, find ways to detect and reduce those security gaps, and streamline security integration, whether it is for commercial or Gov/Mil customers.
NSR forecasts 84.9% of future cybersecurity revenues in the next decade to come from protecting commercial satellites. This value is an aggregate of both the hardware and software spend in manufacturing, as well as integrated and add-on costs of services focused on protecting these satellites. This is again because of the numerous constellations that will be launched in non-GEO over the next decade. But if we look and compare satellite cybersecurity on a per satellite basis, commercial cybersecurity expenditures on satellites are not as high as Gov/Mil cybersecurity spending. This also becomes clear with Navigation satellites, which is mostly a government & military market, and features a much higher degree of cybersecurity integration than other verticals such as SATCOM and Earth Observation.
Governments will purchase services from cybersecurity vendors and at the same time spend a minimum of 10% of the overall satellite cost on cybersecurity. This is not the case for the commercial market with the exceptions of satellites that serve both commercial and Gov/Mil markets, which is alarming because cyber-attacks on satellites will continue to occur. For instance, Russia warned attacks can be targeted at commercial satellites too, especially on companies that get involved in the (cyber) war in Ukraine, such as SpaceX who has spent approximately $80 million to provide Starlink services in Ukraine. And in times of conflict, non-state hackers or political hackers also get involved, imposing additional risks to other commercial satellite companies.
The Bottom Line
The development of standards and minimum-security integration does help the satellite industry in building layers of security on different fronts. But these will not suffice in times of cyber warfare where cyber-threats against satellites are at their peak, especially commercial space companies will be at higher risk. The satellite industry requires more investment in manufacturing resilient systems while also streamlining cybersecurity between commercial satellite operators, government, and end users. Otherwise, the risks, ease of access, and impact of cyber risks will only grow, threatening to disrupt the entire satellite industry both upstream and downstream.