Sunday, November 5, 2023

The Dark Side of the Space Race: Cyber Attacks on Satellites and Low Earth Orbit Constellations. – International Defense Security & Technology

On 2022-11-27: New Sandworm ransomware ESET discovered a new ransomware strain named RansomBoggs that was deployed against Ukrainian organizations the previous week. ESET said it linked the ransomware to a threat actor known as Sandworm, one of Russia’s military cyber units.

The Dark Side of the Space Race: Cyber Attacks on Satellites and Low Earth Orbit Constellations. – International Defense Security & Technology

idstch.com

Rajesh Uppal

The space race is back on. In recent years, there has been a renewed interest in space exploration, with private companies like SpaceX and Blue Origin vying to send humans back to the moon and beyond. But while the space race is often seen as a competition for technological superiority, it also has a dark side: the risk of cyber attacks on satellites. In this article, we will explore the dark side of the space race and the rising threat of cyber-attacks on satellites and low earth orbit constellations.

In recent years, we have witnessed unprecedented growth in the use of satellites and low earth orbit constellations for various purposes such as communication, navigation, and monitoring of the earth’s surface. As our reliance on these space assets increases, so does the risk of cyber-attacks against them. Hackers and malicious actors increasingly target these assets to disrupt critical services and cause damage.

Satellites are increasingly vulnerable to cyber attacks. As they become more interconnected, they offer more potential targets for hackers. In addition, the fact that satellites are often located in remote areas makes them difficult to physically secure.

Historically Space assets were mostly either unprotected or had minimal protection against cyber-attack. For example, the Iridium satellite network that was built in the 1980s, the messages are sent in plaintext format using the GSM standard, whose specification is completely public. Today, components, such as the software-defined radio can be brought of the shelf that the Chaos hackers used to eavesdrop on Iridium’s unencrypted messages.

The military is also critically dependent on Space assets their communications, situational awareness, Navigation, and timing. Military strategic and tactical missile systems rely on satellites and the space infrastructure for navigation and targeting, command and control, operational monitoring and other functions. However, insufficient attention has been paid to the increasing vulnerability of space-based assets, ground stations, and associated command and control systems.

Vulnerabilities abound even in highly sensitive systems, such as civilian and military satellite constellations that are used for communications, navigation, time synchronization for distributed systems (think “power grid”), weather forecasting, and deterrence weapon systems.

For example, many military constellations rely on encrypted transmissions from the ground-control segment to the spacecraft, but have no further defenses, such as least permissions, intrusion detection, and mitigation, should an attacker manage to circumvent the encryption.

Meanwhile, malicious cyber activity is constantly evolving, and cyberattackers are becoming ever more imaginative. From compromising the software in-ground systems and stealing sensitive data to jamming satellite signals, hacking in-orbit satellites, and using spy satellites, their techniques are becoming more and more innovative and can have significant consequences for civil and military users.

One of the primary motivations for cyber-attacks on satellites and low earth orbit constellations is the potential for economic and strategic gain. Satellites and low earth orbit constellations are used by a range of industries, from finance to military, and the ability to disrupt these systems can cause significant damage to these sectors. Nation-states, in particular, may seek to target these assets as part of their efforts to gain a competitive advantage over other countries.

Another motivation for cyber-attacks on satellites and low earth orbit constellations is the potential for causing damage or destruction. A successful cyber-attack on a satellite or low earth orbit constellation can potentially disrupt or disable the system, leading to significant consequences. In addition, a targeted attack could also result in the release of sensitive data, compromising the privacy and security of individuals and organizations.

The methods used in cyber-attacks on satellites and low earth orbit constellations can vary, but they typically involve some form of remote access to the system. Hackers may seek to exploit vulnerabilities in software or hardware components to gain access to the system, or they may use social engineering tactics to trick individuals into giving them access. Once inside the system, attackers may seek to disrupt or disable the system, steal sensitive data, or use the system to launch further attacks.

The consequences of a successful cyber attack on a satellite could be devastating. For example, an attack could disrupt communications, disable navigation systems, or even destroy a satellite. In some cases, a cyber attack could even have a cascading effect on other satellites in a constellation

Cyberattacks on satellites could cause disruption to internet services and loss of connectivity can disable remotely controlled systems (a wind farm was shut down in a recent attack). Loss of positioning signals can disrupt air transport, road traffic and shipping, but can also affect the synchronization signal needed for banking transactions and other operations relying on very low-latency networks. Interference with satellite imagery services can compromise military intelligence and invalidate scientific studies by altering their source data. Cyberattacks can undermine the integrity of strategic weapons systems, destabilize deterrence relationships and obfuscate the originator of the attack without creating the debris problem that a physical attack would cause.

For deeper understanding of Satellite Cyber security please visit: Satellite Cybersecurity: Cryptographic Capabilities and Requirements

Recent Cyber Attacks on Satellites

One of the primary cyber security threats facing satellites and low earth orbit constellations is the risk of cyber-attacks. These attacks can be carried out by a range of actors, including nation-states, criminal organizations, and lone individuals. The methods used in these attacks can vary, but they can include malware, denial of service attacks, and other forms of cyber-espionage. Once a cyber-attacker gains access to a satellite or low earth orbit constellation, they can potentially disrupt or even disable the system, causing significant damage.

Some of the recent cyber attacks reported in media are

  • In April 2021, the Russian government was accused of conducting a cyber attack on a French satellite operator, resulting in the disruption of several satellite-based services. The attack was believed to have been carried out by a group of hackers known as “Sandworm,” which has been linked to the Russian government.
  • In May 2021, it was reported that a Chinese hacking group known as “Tonto Team” had targeted multiple satellite communications companies in the United States, Europe, and Southeast Asia. The group reportedly used a variety of tactics, including spear-phishing emails and social engineering, to gain access to the companies’ networks.
  • 2019 Hack of the US Air Force’s GPS System
    In January 2019, the US Air Force’s GPS system was hacked. The hackers were able to disrupt the GPS signal for a short period of time.The US government has not said who was behind the hack, but it has said that it is investigating the matter. The hack is a reminder of the growing threat of cyber attacks on critical infrastructure.
  • 2022 Viasat Cyberattack
    On February 24, 2022, just hours before Russia launched its invasion of Ukraine, a massive cyberattack took down a satellite internet network operated by Viasat. The attack affected tens of thousands of users in Ukraine and other parts of Europe, including wind farms and government agencies.

The United States, the European Union, and the United Kingdom have all blamed Russia for the cyberattack. The US government has said that the attack was “deliberate, isolated, and external” and that it was “likely intended to support Russia’s ongoing invasion of Ukraine.”

  • 2021 Hack of the Indian Space Research Organisation (ISRO)

In October 2021, a group of hackers called “LulzSec India” claimed to have hacked into the Indian Space Research Organisation (ISRO). The hackers claimed to have stolen sensitive data, including blueprints for satellites and rocket engines.

The Indian government has not confirmed the hack, but it has said that it is investigating the matter. The hack is a reminder of the growing threat of cyber attacks on space agencies.

  • 2020 Hack of the European Space Agency (ESA)

In June 2020, the European Space Agency (ESA) was hit by a cyberattack. The attack disrupted the ESA’s website and email systems.

The ESA has not said who was behind the attack, but it has said that it is investigating the matter. The hack is a reminder of the growing threat of cyber attacks on space agencies

Because cyber technologies are within the grasp of most states (no matter how small or impoverished) and non-state actors, they level the strategic field and create hitherto unparalleled opportunities for small belligerent governments or terrorist groups to instigate high impact attacks,” the Office of the President of the United States stated in their 2011 International Strategy for Cyberspace.

China developing sophisticated cyber attack capability

According to a leaked US intelligence report reviewed by the Financial Times, China is building advanced cyber weapons to take control of enemy satellites during wartime, rendering them useless for data signals or surveillance. The US assesses that China’s push to develop such capabilities is a core part of its goal to control information, which it considers to be a key “war-fighting domain.”

The CIA-marked document indicates that China’s cyber capability far exceeds anything Russia has deployed, with China attempting to mimic the signals received by enemy satellites to trick them into being taken over or malfunctioning during crucial moments in combat. US military officials have warned that China has made significant progress in developing military space technology, including in satellite communications.

China’s military has deployed 347 satellites, including 35 launched in the past six months, aimed at monitoring, tracking, targeting and attacking US forces in any future conflict. China is making huge efforts to counter the asymmetric advantage that the US had in the cyber and space domains.

China’s goals, according to the leaked assessment, are far more advanced. They would seek to knock out the ability of satellites — which tend to operate in interconnected clusters — to communicate with each other, to relay signals and orders to weapons systems, or to send back visual and intercepted electronic data, according to experts.

General B Chance Saltzman, commander of the US Space Force, told Congress  that Beijing was aggressively pursuing counter-space capabilities in an effort to realise its “space dream” of becoming the foremost power beyond the Earth’s atmosphere by 2045.

To defend against these cyber threats, it is critical to implement strong security measures. Encryption protocols should be in place to protect data transmitted between ground stations and satellites, and regular software and hardware updates should be carried out to address any vulnerabilities or security flaws. Access controls and intrusion detection systems should be implemented to prevent unauthorized access to systems, and regular security audits and testing should be conducted to identify and address weaknesses in the system.

In conclusion, the dark side of the space race is the growing threat of cyber-attacks on satellites and low earth orbit constellations. These assets are critical to the functioning of modern communication, navigation, and monitoring systems, and their security is essential to ensure continued global connectivity and security. By implementing strong security measures, we can help to defend against cyber threats and protect the integrity of these critical space assets.

References and Resources also include:

https://www.ft.com/content/881c941a-c46f-4a40-b8d8-9e5c8a6775ba

 

 

No comments:

Post a Comment

Breakthrough in Satellite Error Correction Improves Space Communications

Typical LEO Architecture and Segments Spectra of some LEO Link Losses Breakthrough in Satellite Error Correction Improves Space Communicatio...