Comment: Cybersecurity best practice is critical to winning the new space race

The implications of cyber-attacks on satellites are self-evident, but the resilience and protection of these galactical systems require further exploration and a mass team effort, says Neil Sherwin-Peddie, head of space security at BAE Systems Digital Intelligence.


As the low earth orbit market prepares to double over the next five years to the tune of around $20bn, we’re on the edge of a new space race. However, amid rapidly falling launch costs and a host of technological advancements, this race is heading into different territory.

These digitisations relate to the role of sensors, data processing, and a plethora of applications that aid ground control and observation operations.

One segment of the race that is yet to pick up speed, however, relates to cybersecurity. The implications of attacks on satellites are self-evident, but the resilience and protection of these galactical systems require further exploration, and a mass team effort.

If the sector’s main protagonists are indeed going boldly where few have gone before, then they need to do so together, knowing that less desirable entrants to the space race will be hot on their tail.

Familiarity in space

Protecting devices in space is difficult as they comprise multiple complex systems within systems – each playing different roles and being deployed by different players.

Satellites are effectively platforms with embedded systems and interfaces including radio communications, telemetry tracking control systems and ground segment connections. These are essentially enterprise networks, making them avenues of opportunity for cybercriminals.

All systems are underpinned by a complex supply chain – another prime target for attackers as demonstrated through examples like SolarWinds.

Not only does this make systems in space more familiar, but it also makes them more challenging to defend against, with recognisable gateways being applied in an underdeveloped domain.

The satellite door is therefore potentially open to hacktivists seeking unprecedented realms to gain attention; financial crusaders identifying fresh opportunities; or – most poignantly – state acting cyber spies who can use their resources to target other countries’ space assets.

The ‘how’ and ‘why’ of space attacks

These attack groups may sound a little far-fetched. Why attack space when there are systems on land to focus on?

The answer is twofold; based on how familiar these satellite platforms are, and what attackers stand to gain by infiltrating them.

Addressing the former, ‘under the hood’ of a satellite, is a platform. Often, the embedded system within that platform may be a recognisable Linux operating system. While the operations of the satellites themselves have been tailored to offset that vulnerability, this is changing as the market becomes more commercialised and accessible.

Now, there are huge amounts of information available publicly around orbiting stations. While this makes them more understandable and standardised from a defence perspective, it comes with an equally familiar gateway for attackers.

Any good hacker or threat actor will be familiar with the operating system. Once administration rights are attained to the environment, access to cameras, orientation and all other interfaces becomes much more plausible.

This leads to the ‘why’.  Earlier this year, we saw an outage of the Viasat network across Europe, at almost the exact time Russian troops entered Ukraine. As well as being a commercial broadband provider, Viasat is also used by the Ukrainian military. On closer inspection, the main damage seemed to be collateral across the continent due to a misconfiguration sent down to modems.

However, upon testing the memory chips from these modems, it was revealed that they had been essentially wiped out. A plausible theory is that attackers accessed the internal management system through a misconfiguration, developed malware to deploy across the network to wipe the modems, and pushed that malware through on the day of the invasion. The satellite itself wasn’t being targeted – it was merely a portal to impact connections and operations on the ground.

Recognisable defences

This link between space and earth is why cybersecurity advancements are so critical. Technology and their locations make satellites fascinating, but often they’re simply portals to information we’re trying to acquire, monitor, use or inform decisions down on the ground.

While this makes their breaches more concerning, it also means that we can lean on familiar defence processes and technologies.

For example, running trusted code from reliable sources can be achieved through trusted platform module (TPM) chips found in mobile phones. Novel encryption approaches used to defend enterprise networks can be applied to the data equation to offset the risk of jamming, spoofing or relay attacks. Segmentation and zero trust architectures are further examples, alongside stronger authentication protocols for users, to better protect ground stations.

All of this must be backed up by enhanced supply chain security whereby software bills of materials are common practice.

A sprint and a marathon

The space race is just that: a race. The landscape has evolved rapidly in recent years, and it will continue to do so moving forward. Scenario planning will form a big part of cybersecurity strategy to ensure better futureproofing.

Fortunately, we have time to implement these agile and adaptable best practices. Building systems that can withstand attacks, segment risks, and contain breaches should be a culmination of this more concerted testing and scenario planning.

But it can’t be done in isolation. The space race is more of a relay; a team sport where information is generated through collaboration. This will ensure a speedier launch from the new start line and give us endurance as the sprint turns into a marathon in the coming years. 

Neil Sherwin-Peddie, head of space security at BAE Systems Digital Intelligence