
Mitigating Threats to Commercial Space Satellites

The space domain is transforming into an increasingly contested and congested environment. The President has referred to it as a critical warfighting domain, and in response the Department of Defense has recently established U.S. Space Command as a unified combatant command to employ space capabilities and lead space operations. In the private sector, we have seen investments in commercial space grow exponentially as advances in technology have sparked a renewed global interest in the final frontier. In the last decade alone, an estimated 500 venture capital firms have invested in space, with approximately 20% making their first investments in 2018. A recent report by Morgan Stanley also states, “the revenue generated by the global space industry may increase to more than $1 trillion by 2040.”

As we watch companies try to set themselves apart in a crowded field by innovating quickly and cutting down costs, it is imperative that the industry still incorporate security into its space systems. Skipping basic security considerations to meet business deadlines will only lead to significant problems down the line. The next generation of satellites is incorporating advances in artificial intelligence (AI), big data, imaging, sensors, and advanced computing. These assets will soon process enormous amounts of information, which will make them prime targets for espionage and criminal activity.

Here are a few of the key threats to consider as we continue to track developments in commercial space activity.

Counterintelligence and Espionage

The Aerospace Corporation has released a report that considers how trends in satellite imagery, artificial intelligence, and global connectivity may lead to counterintelligence concerns from near-real-time Earth imagery available to the general public. The report posits a future where we have high-quality imagery from space that is coupled with AI to provide heightened analytics. Potential civil applications could result in users identifying an empty parking spot from space or tracking autonomous vehicles in smart cities. While this could open up new markets, the national security community recognizes that the same technology can be used to observe U.S. military operations and sensitive sites around the world. This type of service would not only be available to near-peer adversaries, but could also provide a resource for terrorist groups and criminal organizations to improve their operations.

However, imagery satellites aren’t the only thing to keep an eye on. Popularity is growing for low Earth orbit (LEO) satellite constellations that contain hundreds to thousands of connected units. Companies like SpaceX, Amazon, and OneWeb are pursuing opportunities in LEO to provide global broadband internet access, potentially competing with major providers like Verizon and AT&T. As the constellations continue to grow and process large amounts of valuable data, the attack surface will proportionally increase. We can then expect the satellites to become prime targets for adversary hacking groups. Russia and China have strategically targeted commercial satellite communications in the past, which leads us to believe this technology will be no different.

Cyberattacks

Cyberattacks on space assets can take many forms. A report by Chatham House states, “The most common cyberthreats to the space segment, ground segment and space-link communication segment include data corruption/modification; ground system loss; interception of data; jamming; denial of service; masquerade (spoofing); replay; software threats; and unauthorized access.” Some of the effects may be temporary, but it is possible to cause permanent damage to the satellite, particularly if the command and control system is compromised. Even well-maintained satellite constellations are at risk, as seen by the cyberattacks on the U.S. Global Positioning System, which operates on a multibillion-dollar annual budget.

Small satellites (smallsats) have also become increasingly vulnerable to cyberattacks due to a trend in using commercial-off-the-shelf (COTS) components to save on costs. NASA has produced technical guidelines to verify COTS parts, writing that in some cases COTS technologies have not been fully vetted for operation in a space environment, are still inserted into space hardware, and cause risks to spaceflight systems. Companies should recognize the security considerations for COTS software and prioritize testing and maintenance for the lifetime of the satellite. This is critical because COTS products undergo frequent security updates and will require continuous patching and monitoring for malicious activity.

Additionally, the U.S. and its allies continue to outsource military operations to commercial satellites, which present a growing set of cybersecurity concerns. It is often the case that these commercial satellites do not have the same security standards and are more vulnerable to attacks from well-resourced nation states. Of note, China and Russia have prioritized electronic warfare and cyberattacks to disrupt adversary satellite communications. Defense Secretary Mark Esper told the Senate during his confirmation hearing, “We anticipate that adversary nations are unlikely to discriminate between U.S. military satellites and commercial satellites providing services to the U.S. Government, in the event of a conflict.”

Orbital Debris

20,000 satellites are predicted to orbit the Earth in the next decade, compared to the 2,000 active ones we have now. Smallsats will account for the majority of the systems, providing a range of services such as global broadband communications, remote imaging, and more. While overcrowding may seem like the issue, companies should additionally be thinking about where their satellite constellations are concentrating. Ted Muelhaupt, associate principal director for The Aerospace Corporation, has noted, “If you launch enough satellites to the same altitude, you create something like a shell. Anybody who crosses that shell, particularly if they cross it repeatedly, is going to come close to one of your satellites sooner or later. In one study, we were looking at dozens of conjunctions with the larger constellation per day.”

The space community will need to pay close attention to even the tiniest fragments of “space junk”. Back in 2016, the European Space Agency (ESA) noted that a paint flake or metal fragment no bigger than a few thousandths of a millimeter caused a noticeable crack in the International Space Station. The ESA estimates there are roughly 128 million objects in space that are less than a centimeter in size. Constellations in LEO will operate at an accelerated rate of decommissioning and replacement, which will contribute considerably to the trackable debris.

What’s Next?

Society depends on critical space assets for just about every facet of modern life. However, the security considerations for satellite systems have historically been an afterthought. We can always expect malicious actors to attack systems through their weakest link, and space assets have become just that. Companies that deploy space assets should constantly assess their risk. It’s just as important for businesses that rely on satellite services (almost all of them!) to identify their dependencies and have an informed picture of space-based risks.

To learn more about what your business should do, check out our resource on What Business Needs To Know About Security In Space.

Cindy Martinez

Cindy Martinez has spent her career focusing on cutting-edge and complex issues at the forefront of national security. She served 5 years at the Department of Homeland Security, where she advised senior leadership on cybersecurity and emerging technology trends. She also negotiated policies and recommended solutions in order to create new Federal initiatives and evaluate the U.S. Government’s effectiveness in areas such as artificial intelligence, offensive cyber operations, vulnerability disclosure, and the national security space domain. She is an analyst with OODA LLC, which publishes CTOvision.com and OODAloop.com.