Building more cyber-resilient satellites begins with a strong network

In the current global cyber cold war, nation-states prioritize taking control of another nation’s satellite infrastructure and destroying it or rendering it useless. 

Shutting down a competing nation’s satellites stops real-time communications, cuts off situational awareness of operating units across militaries and halts navigation. Today, denying a competing nation’s access to space is quickly becoming the most dangerous weapon in the stealth world of cyber warfare.

Satellites and access to space are essential for national security. By 2030, there will be an average of 1,700 satellites launched per year and governments will continue to fund 75% of satellite manufacturing and launching. The global satellite communication (SATCOM) market size was estimated at $77B in 2022 and is expected to grow at a compound annual growth rate (CAGR) of 9.7% from 2023 to 2030.

Why satellites are strategic targets

The U.S. Defense Intelligence Agency writes in its 2022 Challenges to Security in Space report: “Space is being increasingly militarized. Some nations have developed, tested and deployed various satellites and some counter-space weapons. China and Russia are developing new space systems to improve their military effectiveness and reduce any reliance on U.S. space systems.”

The agency cites known physical and cyberattacks on ground-infrastructure, space situational awareness sensors that can monitor and target satellites and attempts at jamming navigation and communication satellites. Directed energy weapons that can blind imagery satellites, anti-satellite weapons (ASAT) missiles that can destroy low earth orbit (LEO) satellites and create dangerous debris and orbital weapons that can damage or tamper with satellites either are in development or have been deployed. 

Chinese cyber attackers have long been targeting U.S. satellites and the disruption of NOAA satellite data is are example. Nation-state attackers continue to fine-tune their tradecraft in an attempt to disrupt ground control stations, jam or spoof satellite communication links, deliver malware into satellite control systems and use AI to find new attack patterns that will go undetected.

“Hybrid satellite networks (HSNs) are increasingly becoming a target for cyberattacks because they offer unique challenges for attackers,” Jeff Hall, principal security consultant and North American aerospace lead at NCC Group, told VentureBeat.

The National Institute of Standards and Technology (NIST) explains that “the space sector is transitioning towards HSN, which is an aggregation of independently owned and operated terminals, antennas, satellites, payloads or other components that comprise a satellite system.” 

NIST framework required to reduce threat surfaces and close gaps

With competing nations stepping up their efforts to control access to space, it’s timely that NIST’s National Cybersecurity Center of Excellence has released its most recent report designed to guide the wide spectrum of space stakeholders who all contribute to the security posture of HSNs. 

NIST’s interagency report NIST IR 8441, Cybersecurity Framework Profile for Hybrid Satellite Networks provides a cross-functional framework for improving infrastructure security, hardening security for assets, data and systems, and reducing the cyber risks to HSNs.

Integrating more systems creates more breach risks, a point any CISO could readily identify with. NIST releasing their profile now indicates how high a priority it is to harden existing satellites in orbit and protect new ones under development, many of which are classified.

The interagency report provides prescriptive guidance on performing assessments, following cyber principles and detecting disturbances or corruption of HSN data and services. NIST also provides a section on responding to cyber incidents through planning and recovering for an intrusion or reach using contingency planning and restoration. The framework also covers interfaces, including antenna fields, payloads, user terminals, virtual machines and cloud-hosted software.

“Space technology — similar to manufacturing, energy and much of critical infrastructure — sits firmly in the hybrid space (software-based applications accompanied by physical systems and hardware),” Merritt Baer, Lacework field CISO told VentureBeat. “This presents unique security challenges.”

Baer pointed out that NIST has some common sense guidance in this area: Visibility of systems is imperative, and will allow defenders to see anomalies and act on them. It is critical to correlate data, create meaningful alerts and drive better security outcomes.

Encryption, hardened endpoints and IAM critical for satellite protection

Hall of NCC explained to VentureBeat that encryption must be used to protect sensitive data. This includes encrypting all data in transit and at rest and using strong encryption algorithms. He also advised implementing network segmentation and security controls to restrict traffic between segments, monitoring HSN networks for suspicious activity, using intrusion detection and prevention systems to monitor network traffic for malicious activity and having an incident response plan in place to identify, contain, eradicate and recover from cybersecurity incidents. 

Hall’s insights reflect the importance of getting basic cybersecurity hygiene right, improving identity management and hardening endpoint security. Treating every identity as a new security perimeter can help reduce the worst threat in confidential networks that build and deploy satellites: Insider attacks. Ninety-two percent of security leaders say internal attacks are as complex or more challenging to identify than external attacks.

Ivanti’s Press Reset: A 2023 Cybersecurity Status Report found that 45% of enterprises suspect that former employees and contractors still have active access to company systems and files.

“Large organizations often fail to account for the huge ecosystem of apps, platforms and third-party services that grant access well past an employee’s termination,” said Srinivas Mukkamala, chief product officer at Ivanti.

Leading IAM providers include AWS, CrowdStrike, Delinea, Ericom, ForgeRock, Google Cloud, IBM, Microsoft Azure Active Directory, Palo Alto Networks and Zscaler.

Satellites take self-healing endpoints to a new level

Achieving greater cyber-resilience starts with the design of an endpoint. In the case of satellites, they need to be able to shut themselves down, re-install system software then refresh all applications. In essence, they are the ultimate self-healing endpoint.

The same lessons learned from designing and launching a satellite need to apply to every endpoint that an HSN relies on to securely function and support satellites in orbit and those about to be launched. Securing telemetry and advanced monitoring data is essential. Endpoint providers are doubling down on AI and machine learning (ML) to improve endpoint detection, response and self-healing capabilities.

Leading self-healing endpoint providers include Absolute Software, Akamai, BlackBerry, Cisco, Malwarebytes, McAfee and Microsoft 365. The provider most satellite-like in its ability to regenerate endpoints is Absolute, which is installed in more than 500 million endpoint devices and provides security teams with real-time telemetry data on the health and behavior of critical security applications using proprietary application persistence technology.

Absolute Software’s Resilience is noteworthy for its asset management, device and application control, endpoint intelligence, incident reporting, compliance and its industry-first self-healing zero-trust platform. 

Staying at parity in the cybersecurity cold war starts with endpoints

International tensions regarding Taiwan, Ukraine and the balance of power across key regions of the world are escalating. Undoubtedly, satellites used for monitoring nations’ operations are of even more interest than what’s happening on the ground. That’s why having the NIST standard now is so important. Getting the basics of cybersecurity strategy right is a start, and ensuring every satellite — the ultimate endpoint — is secure, hardened and capable of rebuilding itself in flight is essential.