Cyberwarfare / Nation-State Attacks,
Fraud Management & Cybercrime
Satellites Will Be Newest Cyberwar Front
As space transforms into an arena for conflict, experts emphasize that cyberwarfare will inevitably proliferate in this domain. The urgency to develop robust cyber defenses capable of safeguarding satellite systems from foreign adversaries, cyber espionage, and even criminal hacker organizations has reached a critical point.
Current cybersecurity tools, however, are largely ineffective in the harsh environmental conditions of space. This unyielding context presents unique challenges that traditional hardware and software simply cannot overcome. Cybersecurity measures that function adequately on Earth often cannot be relied upon in the distinct orbiting conditions of low Earth orbit (LEO) mega-constellations, such as those created by Starlink and Amazon.
Indicators of compromise (IOCs)—the cornerstone of cybersecurity defense—also struggle to operate optimally in space, as industry experts highlight. The Department of Homeland Security’s Science and Technology Division, along with various collaborators including the Aerospace Corporation and strategic contractors like Deloitte and the U.S. Space Force partners, are working earnestly to create tailored cybersecurity tools. These innovations aim to detect and, whenever possible, repel hostile cyber activities targeting onboard software systems.
Sam Visner, a former senior U.S. official and current chair of the Space Information Sharing and Analysis Center, elucidates the urgency of the situation. He articulates that there has been a seminal convergence between the domains of space and cyber, a shift that has altered the historical norms surrounding satellite security. While physical attacks on satellite systems have generally been taboo, the cyber realm lacks similar prohibitions, creating an increasingly lawless arena.
Visner notes, “Historically, normative behavior in cyber really doesn’t exist,” reflecting the alarming trend in cyberattacks that has escalated in recent years. The challenges are compounded when considering the physical attacks that remain at bay due to established norms versus the cyberattacks that have become increasingly frequent and disruptive, such as the early stages of the full-scale invasion of Ukraine by Russia in 2022, which initiated with a cyberattack on a U.S. commercial satellite system.
Due to the apparent vulnerabilities, the commercial space sector must brace itself for robust and proactive defenses against cyber threats. Visner insists that there is a pressing need for refined technological and operational strategies to not only detect intrusions but also effectively reject them. The development of resilient satellite architectures capable of defending against various intrusions is paramount.
Ernest Wong, the technical lead for space systems at DHS’s Science and Technology Division, echoes similar concerns, noting the substantial challenges presented by limited onboard resources, such as size, weight, and power. Satellite operating systems must yield deterministic outcomes, akin to the critical infrastructure control systems on Earth, which impedes the adoption of experimental security measures.
This dilemma has resulted in what experts refer to as an “onboard detection gap.” Currently, satellite operators primarily rely on telemetry—the signals transmitted back to ground stations—to identify potential cyber threats. Wong further elucidates that the disparity in hardware and software environments in space, plagued by varying operating systems and architectures, complicates detection efforts.
Without a unified approach to establishing IOCs, the development of indicators of behavior (IOBs) is crucial. Unlike IOCs, which only appear post-attack, IOBs can represent signs of intrusion through identifying anomalous behavior within the satellite’s systems. This innovative approach allows for a more proactive defense mechanism against novel threats.
To bolster this initiative, the Department of Homeland Security and the Aerospace Corporation have recently developed a software package named SpaceCOP. This tool aims to empower commercial satellite operators with a comprehensive cybersecurity framework designed for effective onboard operations. Ten commercial partners have engaged with SpaceCOP, highlighting its potential in enhancing satellite cybersecurity, with plans to open-source the software later this year.
Moving beyond SpaceCOP, Wong explains that the next logical step is the development of autonomous response tools capable of not just detecting cyber threats but also executing defensive actions without human intervention. The sheer scale of the new LEO mega-constellations necessitates this level of automation for manageable cyber defense operations.
To facilitate the automation of responses, the DHS is exploring ways to share cyber threat intelligence more effectively using standardized formats like the structured threat information expression format. Space-ISAC is spearheading efforts to customize this standard for the unique needs of the aerospace industry, promoting collaborative defenses against cyberattacks.
Meanwhile, U.S. Space Force contractor Proof Labs is advancing an AI-driven initiative named the Cyber Resilience On-Orbit program, which employs machine learning algorithms to identify anomalous behavior in satellite systems. This program utilizes synthetic telemetry and other data compiled by BigBear.ai and Redwire Space Systems, promising a future filled with improved detection capabilities for both military and civilian satellite operators.
Currently, Deloitte has launched several satellites—most notably Silent Shield, which includes an on-orbit intrusion detection system. This innovation represents a pioneering effort to incorporate cybersecurity tools directly into satellite operations while ensuring that the tool’s functionality does not interfere with essential satellite duties.
Through ongoing testing, Deloitte has demonstrated Silent Shield’s efficacy in detecting increasingly sophisticated cyberattacks, showcasing the potential for onboard defenses to evolve and adapt against imminent threats to satellite security. As more satellites, including Deloitte-2 and -3, are set to launch, the industry is eager to prove that legacy satellites can also benefit from these advanced cyber defenses.
In summary, the intersection of space and cyber represents a rapidly evolving battleground where both governmental and commercial stakeholders must innovate collaboratively to stay ahead of emerging threats. As space becomes an increasingly competitive and hostile environment, the time for action to protect these vital systems is now.