View Part 1 in this series, Introduction to New Space.
The growth of the New Space economy, the innovation in technologies and the emergence of various private firms have contributed to the development of the space industry.
This growth, however, has also expanded the cyberattack surface of space systems.
Attacks are becoming increasingly sophisticated and affect several components of the space system’s architecture.
Threat actors’ methodology
Every space system architecture is composed of three main components that are responsible for different functions: ground segment, space segment and communications. Each component can be hacked by an adversary.
Most attacks and vulnerabilities are related to communication links, such as radio frequency links, or to the ground system in general.
From an attacker’s perspective, Lockheed Martin’s cyber kill chain models the steps an adversary may complete to achieve their objective.
Lockheed Martin cyber kill chain
First, the adversary uses the reconnaissance technique to obtain information on the target. He can use Open Source Intelligence (OSINT) or email harvesting to achieve that goal.
Second, the weaponization technique is deployed. It combines the objective with an exploit and commonly results in a deliverable payload, such as an exploit with a backdoor.
The third phase is to determine how the weaponized function will be delivered to the target — via email, for example.
Then, the adversary exploits the target’s system to execute code.
In the sixth phase, the adversary installs malware or other tooling, like mimikatz.
After that, we come to the command and control (C2) phase, which allows the attacker to control the compromised target from a remote central controller, like Cobalt Strike or Empire.
And finally, the adversary can launch some actions on objectives, such as ransomware deployment or data exfiltration.
Let’s now take a closer look at cyber threats to space systems.
Ground segment threats
Ground stations and terminals have a role in data collection. As a result, they are under threat of cyber espionage from state and non-state actors.
Most cyberattacks against the ground segment exploit web vulnerabilities to allow attackers to lure ground station personnel into downloading malware or Trojan horses to ground station computers.
Breaking into the ground station network gives the attacker access to the satellite itself. Once inside, attackers can perform denial of service (DoS) attacks, as well as hijack industrial control systems (ICS) to control and damage the satellites.
A report published by the NASA Office of Inspector General revealed that in April 2018 threat actors breached the agency’s network and stole approximately 500 megabytes of data related to Mars missions.
The point of entry was a Raspberry Pi device that was connected to the IT network of the NASA Jet Propulsion Laboratory (JPL) without authorization or going through the proper security review.
Ground segment systems are facing many cyber threats and various attack vectors that can be leveraged for compromising these systems.
Threats to COTS
Commercial off-the-shelf (COTS) products are ready-made hardware or software that can be purchased and are designed to be easily installed and to interoperate with the existing system. Nowadays, space COTS components support New Space technology development with their qualification for small satellite missions, like CubeSat missions.
Unfortunately, COTS software, which is used in space applications, is very risky and presents a tempting point of attack for threat actors.
These components are well known and widely available, and we can find public information related to their security, including configurations, vulnerabilities, software versions and more.
This information is shared among the cyber adversary community.
As a result, COTS components are targets of different attacks, like system modification, DoS and data breach attacks.
Unauthorized access
Unauthorized access can be done by compromising the physical or logical security measures and gaining access to the ground segment assets. This attack can lead to the theft of sensitive data that can be used, for example, against a mission operation.
Data manipulation attacks
These attacks are intended to steal controlled information or to destroy the integrity of different data types. A typical use case is to corrupt data and send wrong commands to the command and data handling (C&DH) on the spacecraft to compromise the mission.
Supply chain attacks
The space field is extremely sensitive to cyber-enabled supply chain attacks. The commercialization of the space supply chain in the New Space era and its sustainability increase the risk of being targeted by cyber threats.
A supply chain attack will seek to harm an organization by targeting the less secure elements of the chain, resulting in unauthorized access to data and systems and the leaking of software and tools. At this stage, the adversary can take advantage of these vulnerabilities and some exploits. He can then, for example, create a backdoor in the embedded system of supply chain microelectronics devices.
Computer network exploitation
Computer network exploitation (CNE) is a breach of the network that the ground segment is connected to. CNE refers to attackers’ ability to attack and exploit vulnerable assets to steal data or gather intelligence about targets to figure out how they work and how they are configured. It’s about spying and reconnaissance.
Cloud platform attacks
The New Space era is marked by the expansion of cloud infrastructure use. Various space ventures are leveraging cloud service providers’ infrastructure. With cloud technologies, space missions can be designed, tested, executed, and analyzed in an easy and affordable way.
However, cloud service providers have regular outages or disruptions among their networks due to cyberattacks. These attacks can take the form of cloud abuse (access to cloud storage data by hacking a virtual machine); a Distributed Denial of Service (DDoS) attack on publicly exposed cloud services; and attacks related to insider threats (e.g., data exfiltration and credential theft).
Space segment threats
Like ground systems, the space segment is also a recognized cyberattack target.
Space vehicle vulnerabilities generally originate from compromised ground stations and network components through which threat actors can breach the network.
Satellites are targets of Man in the Middle (MitM), Zero-Day and ransomware attacks.
ROSAT, the US-German satellite, is one example of such an attack.
Threats to COTS
As explained earlier, COTS are reliable solutions for space ventures.
COTS hardware, or plastic encapsulated microcircuits (PEM) of electronic parts, are used onboard small satellites (SmallSats), such as CubeSats.
Many CVE vulnerabilities are related to COTS components and can be exploited by adversaries.
Once in orbit, satellite maintenance becomes an increasingly complex operation; and with the COTS shorter product life cycle, hardware obsolescence becomes a major concern for satellite cybersecurity.
Threats to GN&C
Guidance, navigation and control (GN&C) is a system that includes the components that are responsible for satellite position determination and the components used by the Attitude and Orbit Control System (AOCS), also known as the Attitude Determination and Control System (ADCS).
GN&C is used to keep the satellite from colliding with space objects and from falling into the Earth’s atmosphere. In some cases, this system is necessary for maintaining the satellite in an adequate position when it communicates with the ground station.
As such, attackers will attempt to compromise the GN&C system to create wrong navigation data and to impede the capability to navigate.
In addition, software that is used in GN&C systems may contain some vulnerabilities that can be exploited by adversaries to penetrate the system, compromise the integrity of onboard sensor data, and cause a navigation system outage.
Threats to SDR
Software defined radio (SDR) is the component that allows the satellite to communicate with the ground station, both for transmitting and receiving signals.
It’s responsible for receiving a radio wave signal from the ground station and converting it into a communication stream, and vice-versa, known as modulating and demodulating a signal.
The SDR technology offers on-orbit configurability and reduces the mass and size of the communication system.
An adversary can send malformed packets to the SDR component to perform a buffer overflow attack and gain unauthorized access.
In addition, most of the SDR’s architecture, used by NASA JPL and other space agencies, includes the POSIX Operating System at the kernel level. There are critical vulnerabilities related to POSIX OS, which allow the attacker to execute arbitrary commands and gain unauthorized access.
Once an attacker gains access to the SDR, he can modify the legitimate frequencies and settings related to the communication with the ground station, making the satellite communicate on a different frequency than expected.
The SDR component is also part of the ground station architecture.
Threats to EPS
An electrical power system (EPS) is a critical component for the success of a space vehicle operation. Without power, the satellite can’t run any function; it can neither fly nor communicate with ground stations. CubeSats in particular, with their low-power nature, are susceptible to attacks that target their EPS.
Adversaries can use a DoS attack. The goal of the attacker is not to flood the CubeSat or the communication channel, but to clog the CubeSat command queue with useless processes. Consequently, these unnecessary process executions consume the limited power of the CubeSat.
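The distinction above, between flooding the link and draining power through queued work, is shown in the following added example (not from the original article or any flight software): a command gate that enforces an energy budget alongside a rate cap, replayed over a constructed command log. The command names, joule costs and thresholds are all assumptions chosen for illustration.

```python
from collections import deque

# Hypothetical per-command energy cost in joules (assumed, not from a real EPS).
ENERGY_COST_J = {"PING": 0.1, "GET_TELEMETRY": 0.5,
                 "IMG_CAPTURE": 40.0, "RUN_SELFTEST": 60.0}
ESSENTIAL = {"GET_TELEMETRY"}  # cheap commands operators must never lose


class CommandAdmission:
    """Admit commands against a sliding-window rate cap and energy budget."""

    def __init__(self, window_s=600, max_cmds=30, budget_j=150.0):
        self.window_s, self.max_cmds, self.budget_j = window_s, max_cmds, budget_j
        self.admitted = deque()  # (timestamp, joules) of admitted commands

    def _expire(self, now):
        # Drop admissions that have aged out of the sliding window.
        while self.admitted and now - self.admitted[0][0] >= self.window_s:
            self.admitted.popleft()

    def submit(self, now, name):
        """Return 'admit', 'reject_unknown', 'reject_rate' or 'reject_energy'."""
        if name not in ENERGY_COST_J:
            return "reject_unknown"  # no cost model, so never queue it
        self._expire(now)
        cost = ENERGY_COST_J[name]
        if name not in ESSENTIAL:
            if len(self.admitted) >= self.max_cmds:
                return "reject_rate"
            spent = sum(joules for _, joules in self.admitted)
            if spent + cost > self.budget_j:
                return "reject_energy"
        self.admitted.append((now, cost))
        return "admit"


def replay(log, **limits):
    """Run a list of (timestamp, command) pairs through a fresh gate."""
    gate = CommandAdmission(**limits)
    return [gate.submit(t, name) for t, name in log]


# Constructed sample: one costly command per minute, far below the rate cap,
# followed by a telemetry request from the operator.
SAMPLE_LOG = [(60 * i, "RUN_SELFTEST") for i in range(5)] + [(300, "GET_TELEMETRY")]
RESULTS = replay(SAMPLE_LOG)
```

With `budget_j` set to infinity the same log is admitted in full, which is all a packet-rate limit on its own would see.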
Communications threats
The largest number of space cybersecurity incidents has been related to communication attacks.
The biggest weakness in satellites that makes them exploitable is the usage of long-range telemetry for communication with ground stations.
Additionally, satellite uplinks and downlinks are often transmitted and can be easily accessed. (9)
Jamming
Jamming is the method of disrupting or interfering with the communication between the ground segment and space segment. It overpowers legitimate signals with an even stronger signal (noise signal) to drown out the regular frequency.
In March 2022, SpaceX’s Starlink satellite, which was deployed as an internet service provider in a region, was a target of a jamming attack.
Attackers can easily buy their own jammer on e-commerce websites; most of the jammers used are SDRs.
Spoofing
Spoofing is an attack that manipulates the data communication between the satellite and the ground station and thus changes its integrity. Spoofing is a more sophisticated interference method than jamming. The attacker tricks the system by transmitting a false signal, which appears as an authentic one.
One of the most popular spoofing attacks is against GNSS satellites (GPS systems, for example), which provide positioning and timing data to GNSS receivers (a smartphone, for example) to determine their locations.
Eavesdropping
Eavesdropping follows the concept of a man-in-the-middle attack: an attacker listens to and intercepts data and communications exchanged between the ground station and the satellite, and vice versa.
Satellites broadcast radio frequency (RF) signals back to earth to be received by ground stations. Most of the time, the data sent over these signals isn’t encrypted or uses a weak encryption cipher.
In this case, an attacker can use the right equipment to intercept this exchanged data without needing to be close to the ground receiver.
Hijacking
Hijacking is gaining unauthorized control of a satellite to transmit the attacker’s signal. This signal can override or alter the legitimate transmitted data.
Hijack attacks are very common for media broadcasts. In 2013, emergency alert systems of TV stations in Montana and Michigan were hacked and the attackers broadcast a report of a zombie invasion.
The Satellite TCP hijacking attack is an example of a communication hijack attack. The attacker can hijack the TCP session, get all the session details, and then masquerade as an authorized component to communicate.
Conclusion
Each component of the space system design can be targeted by a cyberattack. Cyber threats to space systems are real and must be taken seriously. However, what measures can be taken to enhance the security of the space system? We’ll find out in Part 3 of this series.
Technical Specialist, Threat Management, IBM Security