Joint Air & Space Power Conference 2020

Leveraging Emerging Technologies in Support of NATO Air & Space Power

Conference Read Ahead

Cyber Threats to Space Systems

Current Risks and the Role of NATO

By Ms Gil Baram and Mr Omree Wechsler, Tel Aviv University

 

A growing reliance of civil and military sectors on space services has led to a growing array of cyber threats to space systems. Amid the growing threat landscape to the space sector, NATO may assume a leading role in coordinating a comprehensive unified framework to address the emerging challenges.

The Weaponization of Space: a Worrisome Trend

Recent years have seen a growing arms-race in space, with nations striving to develop and test offensive space capabilities, and space force-building processes taking place within their militaries:1 In December 2018, the US Air Force’s National Air and Space Intelligence Center published a report, arguing that both China and Russia are developing space weapons.2 During 2019 the US and France have established dedicated space commands.3 In March 2019, India conducted its first test of an anti-satellite weapon. The case of India, a country without a history of offensive space activities, illustrates the magnitude of the space arms-race. With space becoming increasingly weaponized, the vulnerabilities of space systems, initially built without basic or sufficient security mechanisms, are becoming both apparent and dangerous, rendering them exposed to cyber threats.

In December 2019, NATO foreign ministers formally declared space as an ‘operational domain,’ extending the alliance’s range from land, sea, air and cyberspace to operations in space. Cyber threats to space systems run the wide range from vulnerabilities in the physical ground and space segments to the satellites’ data links and supply chains. As cyber warfare and hybrid threats become the ‘weapon of choice’ for state and non-state actors, and global economy and daily life grow increasingly dependent on space, space systems may well become the next front in cyber conflict.

This paper suggests a comprehensive approach to this threat landscape, and offers integrated strategic solutions for the cyber defence of space systems.

Existing Cyber Threats to Space Assets

Space systems are usually divided into three technological and operational segments, which are responsible for different functions and are therefore exposed to different cyber threats: the ground segment, the space segment, and the link segment.

The ground segment consists of all the ground elements of space systems and allows command, control and management of the satellite itself and the data arriving from the payload and delivered to the users.4

Due to their role in collecting data, the ground stations and terminals are exposed to the threat of cyber espionage from states and non-state actors. Moreover, the military aspect of satellites and their importance to national security render them prime targets for hostile takeover, disruption and shutdown. Most cyberattacks on the ground segment exploit web vulnerabilities and allow the attacker to lure ground station personnel to download malwares and Trojans to ground stations’ computers.5

Infiltrating the ground station’s network can allow the attackers to access the satellite itself. Hostile access could enable the attacker to execute a Denial of Service (DoS) attack6 and may involve taking over Industrial Control Systems (ICS) in order to control the satellite and damage it.7

The space segment consists of the satellites themselves. Major security gaps within satellites’ architecture exist in both old and new satellites. Old satellites with life spans of decades were built with no awareness for cyber security; today, small satellites manufacturers tend to prioritize fast and cheap production, in which the investment in cyber security is perceived as a hurdle.

Cyber threats to space segments usually derive from vulnerabilities in ground stations, in network components, and in the receivers which receive the data from the satellite, thus allowing the attacker to infiltrate to the network and remain undetected. Another threat may involve the introduction of a malware into the satellite’s hardware in the supply chain, in order to compromise ground units at a later stage.8

Consequences of cyberattacks on satellites could also be aggravated due to the rising connection and use of Internet of Things (IoT) devices. An attack on a communication satellite could cause wide disruptions to communication channels across countries, cause panic, and endanger national security.9

The link segment consists of the signal transmission between the satellite and the ground station, as well as between satellites.

The most common threat is GPS jamming. As GPS systems rely on radio signals sent from the satellite in order to determine the location of the users, GPS jammers send signals over the same frequency as the GPS device, in order to override or distort the GPS satellite signals. GPS jammers are widely accessible and cheap to purchase, rendering them available also to poorer state-actors. In November 2018, Russia was suspected of disrupting GPS signals in northern Norway and Finland as the two nations participated in NATO’s Trident Juncture exercise.10 Another type of attack is ‘spoofing’ – faking signals by broadcasting incorrect GPS signals, structured to resemble genuine ones. Spoofing is harder to carry out than jamming, but if executed effectively, can be much more dangerous, mainly because the victims do not necessarily know that they are being spoofed. According to a 2017 US Maritime Administration report, the GPS systems of at least 20 ships were spoofed, leading the ships 32 kilometres inland to the Gelendzhik Airport in the Black Sea, away from the original destination. The incident raised assumptions among experts that Russia had been experimenting new GPS spoofing techniques as part of its electronic warfare capabilities.11

While some experts define jamming and spoofing as physical threats as they involve disrupting or tampering with frequency signalling, an attacker could also intercept unencrypted satellite traffic.

As cyber threats are becoming more substantial, the lack of procedures and policies is hampering efforts to mitigate the threats. However, several solutions have been suggested in recent years.

Threat Response and Mitigation

Mitigating cyber threats to space systems can be divided into technological solutions, which consist of introducing new technologies as well as upgrading existing ones, and policy solutions, which consist of actions and protocols of conduct.

Technological Solutions

In response to the rising cyber threats to space systems, many state agencies, contractors and commercial companies have started developing new technologies, or upgrading existing ones which were not secured by design. In December 2018, Lockheed Martin was awarded a US Air Force contract to modernize GPS ground control systems to support an anti-jamming GPS signal named M-Code, which will allow the Air Force to continue operating the GPS3 constellation with existing ground systems until 2025.12 In January 2019, NASA announced that it would start testing an open-source Blockchain platform in order to address potential issues of privacy and to prevent spoofing, DoS and other attacks.13

In March 2019, Lockheed Martin announced it had developed a new software-defined satellite architecture called SmartSat as a space segment solution, which will enable more capabilities and greater control of in-orbit satellites for ground operators. This architecture is expected to gain operators greater precision in diagnosing problems such as cyber incidents, as well as to allow satellites to back each other up. Operators will also be able to update on-board cyber defences to address new threats.14

While the technological solutions being developed will mitigate cyber threats, these tend to address very particular threats. In addition, being provided by a host of different entities, these are difficult to bring together within a unified, coordinated framework. A comprehensive problem requires a comprehensive, unified and systematic policy solution to guide the efforts to protect space assets and services.

Policy Solutions

As the military space sector increasingly relies on commercial technologies, a comprehensive policy solution should focus on commercial space companies and government acquisition contracts. A possible solution which could include both civilian and military space assets and activities would be introducing strict cybersecurity requirements for all components of space systems and their supply chains. A recent example of such requirements is the Cybersecurity Maturity Model Certification (CMMC) which was introduced by the US Department of Defense for all defence contractors, including small vendors.15 A smart model system which defines different levels of requirements for different products and technologies would demand a high-security level for inherently vulnerable products, without imposing a disproportionate burden on smaller companies. Such a model of cybersecurity standards should be a threshold condition for bidding for government contracts. Additionally, employing strict standards in government contracts is likely to usher in changes across the whole industry, and will therefore help promote the security of commercial and off-the-shelf technologies.

The Role of NATO

NATO as an Alliance was founded for providing a collective defence and cooperative security for its member states. So far, research has suggested that the EU may prove a more suitable entity for promoting new industrial approaches, due to its economic and regulatory authorities.16 However, NATO has an important role to play in any inclusive comprehensive solution due to the importance of the US. Any industry standards mechanism should include the US space industry, as Europe’s production relies heavily on US-produced components and technologies which should endeavour to design for trans-Atlantic interoperability17. NATO’s leading role as a coordinator and mediator is crucial, as the US is likely to resist any standards mechanism that would push American vendors out of the European space market. NATO’s role would therefore derive from its position as a transatlantic alliance with connections to both Europe and the US, and its ability to require common standards and compliance across the alliance. As a unified standards mechanism should be agreed by all member states, NATO could act as a forum for negotiations between its member states and the industry, as well as between Europe and the US. Discussions and consultations as well as further research can take place in conjunction with NATO’s Industry Advisory Group (NIAG) and NATO’s Industry Cyber Partnership (NCIP), as final results would be incorporated into the NATO Defence Planning Process (NDPP).

Endnotes
1. Shapira, Z., & G. Baram, ‘The Space Arms Race: Global Trends and State Interests,’ Cyber, Intelligence, and Security, vol. 3, no. 2, 2019, pp. 3-5.
2. National Air and Space Intelligence Center, Competing in Space (website), Dec. 2018, pp. 14-15, https://www.airforcemag.com/PDF/DRArchive/Documents/Competing%20in%20Space.pdf (accessed 20 Feb. 2020).
3. Burns, R., ‘Trump declares new Space Command key to American defense,’ AP News, https://apnews.com/19f021f991844b348dc716f6f8851f7c, 30 Aug. 2019, (accessed 10 Feb. 2020); A. Liptak, ‘France’s Air Force is getting a space command,’ The Verge, https://www.theverge.com/2019/7/13/20693087/france-military-air-force-space-command-president-emmanuel-macron, 13 Jul. 2019, (accessed 10 Feb. 2020).
4. Elbert, B., The satellite communication ground segment and earth station handbook, Artech House, Boston, 2014, pp. 1-3.
5. Bichler, S., ‘Mitigating cyber security risk in satellite ground systems’, a research report submitted to the faculty in partial fulfillment of the graduation requirements, Apr. 2015, pp. 13-14, https://apps.dtic.mil/dtic/tr/fulltext/u2/1012754.pdf (accessed 10 Feb. 2020).
6. Hutchins, R., ‘Cyber Defense of Space Assets’, Tufts University, 2016, p. 13, http://www.cs.tufts.edu/comp/116/archive/fall2016/rhutchins.pdf (accessed 10 Feb. 2020).
7. Livingstone, D. & P. Lewis, ‘Space, the Final Frontier for Cybersecurity?’. Chatham House, https://www.chathamhouse.org/sites/default/files/publications/research/2016-09-22-space-final-frontier-cybersecurity-livingstone-lewis.pdf, 2016, pp. 22-23, (accessed 11 Feb. 2020).
8. Ibid. 5.
9. Werner, D., ‘Who’s keeping satellites safe from cyberattacks?’. SpaceNews, https://spacenews.com/whos-keeping-satellites-safe-from-cyberattacks/, 19 Apr. 2017, (accessed 13 Feb. 2020).
10. Woody, C., ‘Finland and Norway are telling airline pilots to be ready to fly without GPS, and some think Russia is up to something’, Business Insider, https://www.businessinsider.com/finland-norway-tell-pilots-to-fly-without-gps-and-some-blame-russia-2018-11, 9 Nov. 2018, (accessed 13 Feb. 2020).
11. Hambling, D., ‘Ships fooled in GPS spoofing attack suggest Russian cyberweapon’, NewScientist, https://www.newscientist.com/article/2143499-ships-fooled-in-gps-spoofing-attack-suggest-russian-cyberweapon/,10 Aug. 2017, (accessed 15 Feb. 2020).
12. Erwin, S., ‘Air Force to upgrade existing GPS ground control system while next-generation OCX lags.’ SpaceNews, https://spacenews.com/air-force-to-upgrade-existing-gps-ground-control-system-while-next-generation-ocx-lags/, 9 Jan. 2019 (accessed 15 Feb. 2020).
13. Kaur, N., ‘NASA adopts Blockchain to battle aerospace cyber attacks’. CryptX, https://cryptx.eu.com/nasa-adopts-blockchain-to-battle-aerospace-cyber-attacks/, 19 Feb. 2019, (accessed 15 Feb. 2020); T. Fish, ‘NASA embraces bitcoin BLOCKCHAIN tech to battle aerospace cyber attacks’. Express, https://www.express.co.uk/news/science/1073236/nasa-bitcoin-blockchain-crypto-cyber-attacks, 16 Jan. 2019, (accessed 15 Feb. 2020).
14. Hill, J., ‘Lockheed Martin Accelerates Transition to Software-Defined Space’, Via Satellite, https://www.satellitetoday.com/innovation/2019/03/21/lockheed-martin-accelerates-transition-to-software-defined-space/, 21 March 2019, (accessed 15 Feb. 2020).
15. Office of the Under Secretary of Defense for Acquisition & Sustainment. Cybersecurity Maturity Model Certification. https://www.acq.osd.mil/cmmc/ (accessed 2 Jun. 2020).
16. Besch, S., ‘The European Commission in EU Defense Industrial Policy,’ Carnegie Endowment for International Peace, https://carnegieeurope.eu/2019/10/22/european-commission-in-eu-defense-industrial-policy-pub-80102, Oct. 2019, (accessed 16 Feb. 2020).
17. European Commission, Technologies for European Non-Dependence and Competitiveness (Critical Space Technologies): Guidance Document for Horizon 2020 Work Programme 2018-2020 [website], 26 Oct. 2017, p. 23, https://ec.europa.eu/docsroom/documents/26326/attachments/1/translations/en/renditions/pdf.

Gil Baram is the Head of research at the Yuval Ne’eman workshop for science, technology and security, and a research fellow at the Blavatnik Interdisciplinary Cyber Research Center (ICRC), Tel Aviv University. Her PhD research deals with political attribution and national decision making during cyber conflict.

Omree Wechsler is a senior researcher for cyber security policies and strategy at the Yuval Ne’eman Workshop for Science, Technology and Security in Tel Aviv University. His research fields include information operations, elections cyber security, national cyber strategies, cyber threats on space systems and cyber weapons proliferation.

Conference 2020 Sponsors