Why Hacking Has Gone Off World
As the importance of satellite communications has grown, so too has the importance of protecting those satellite systems, with threats that range from hackers to solar weather, said experts at this month’s RSA Conference.
For example, last weekend’s solar storm was more than just a pretty light display — it was also a major disruption and reminder of how dependent society is on reliable satellite connections. The solar flare was a serious problem for farmers who depend on precise GPS readings to guide their tractors, 404 Media reported. Unable to trust systems, many were forced to stop planting during a key part of the season.
Solar flares are becoming “more and more problematic” as daily life relies ever more on space-based technologies, said Manan Dalal, assistant CIO-satellites for the National Environmental Satellite, Data and Information Service (NESDIS), during the RSA Conference.
Satellite disruptions can affect everything from making global phone calls to predicting daily weather and forecasting where hurricanes will make landfall, Dalal said. A solar flare in 2023 disrupted radios worldwide, and one village in New York has already been planning for continuity should a future event like a major solar flare cause a monthslong Internet outage.
And space weather isn’t the only threat — nation-states are increasingly interested in disrupting other nations’ communications by targeting their space systems, which can effect military operations, said Mieke Eoyang, deputy assistant secretary of defense for cyber policy at the Department of Defense, during the same panel. One example is Russia’s hack on the Viasat satellite network serving Ukraine.
Given the risks, governments need to ensure they can issue early warnings before significant solar events hit, Dalal said, and several panelists said more must be done to strengthen space cybersecurity.
Protecting space systems requires securing each of three tech layers: the technology on the ground, the equipment in orbit and the tech providing communication linkage between the two.
The ground side involves systems for processing data and disseminating information, Dalal said. But these are also the systems that are easiest for hackers to penetrate, Eoyang noted. That makes it especially important to ensure strong authentication methods are in place, technology is secure by design and other key cybersecurity principles are followed.
Meanwhile, communication between instruments in orbit and the ground systems must be encrypted and safeguarded against attacks like jamming or spoofing, Eoyang said.
Equipment in orbit also faces threat from external conditions. Making this tech safer could mean establishing international norms prohibiting anyone from conducting debris-causing activities in space, Eoyang said.
One challenge, however, is that significant technological advances are likely to occur during the 10 to 15 years that a satellite might remain in orbit, making obsolescence a serious problem, Dalal said.
“Once you launch the satellites into orbit, it’s operational: We can’t send somebody up there to fix any issues,” Dalal said. “… You have to create systems where you need to accommodate for a little bit of these technology changes. One recent example I can give you: What happens when we’re in the post-quantum world? Well, [for] our encryption systems up in space, I can’t go up there and start working with them.”
When it comes to space cybersecurity, government cannot do it alone.
Much of space tech is procured from vendors, and so government and industry need to communicate closely. Companies should share details about threats they’re seeing, and government should share back actionable intelligence, Eoyang said. The Space Information Sharing and Analysis Center, or Space ISAC, is one effort to share space threat intelligence across the public and private sectors.
Policymakers in the U.S. haven’t yet set consistent, baseline cybersecurity requirements, which leaves companies to make their own, varying interpretations, said Tahara Dawkins, chief of staff at the National Space Council, during the panel.
But a federal interagency committee is currently working to craft minimum cybersecurity requirements for “federally procured national security civil space systems,” which are due out this summer, Dawkins said. Also in the works: an implementation plan that will detail specific steps for putting into place the space system cybersecurity principles outlined in the Space Policy Directive-5.