Behind the headline-grabbing kinetic war, Russia’s attack on Ukraine has put a new focus on the importance of cybersecurity and satellite communications.
American satellite communications company Viasat probed an outage that impacted its coverage of Ukraine, and SpaceX deployed internet service and terminals to Ukraine, while simultaneously announcing that the company will shift resources to cybersecurity. The FBI and Cybersecurity and Infrastructure Security Agency issued a warning about the elevated risk.
The stakes are high if this threat escalates.
As impressive as kinetic attacks on satellites are, the biggest threat to these flying computers is from cyberattack. Such an attack that impairs commercial satellites can have an immediate impact on military capability.
The fear of cyberattack on satellites and ground infrastructure has been on the minds of government users for some time. Lt. Gen. Stephen Whiting, commander of the U.S. Space Force’s Space Operations Command, recently remarked: “Cyberspace is the soft underbelly of our global space networks.”
This threat stems in part from the increasing use of commercially operated satellite networks. America’s primary military wide-band communications satellite network reflects a model of satellite communications that is ending. When the first Wideband Global Satcom satellite took to flight in 2007, the government and its primary contractors built every ounce of the satellites and their infrastructure.
That network followed the same model as its predecessors going back to the Initial Defense Communication Satellite Program that put more than two dozen satellites in orbit from 1966-1968. The experts who recommended the program and engineers who built the systems were either members of the military or contractors carefully cleared by the government.
Everyone in mission control from the top manager to the janitor was either a government employee or a trusted person with the highest clearance. That total control gave military officers responsible for command, control, and communications a strong sense of security when they made use of satellites. Also aiding that assurance was the difficulty of tampering with satellites in orbit. They were protected by physical separation from adversaries and cleared staff and facilities.
All of that has changed.
Beginning with the option of leasing capacity from commercial space operators, the government gained immense flexibility and cost savings. This has evolved further into procuring managed-service offerings from commercial space operators.
This evolution is necessary given the explosion in bandwidth required to transmit the ever-growing mass of data for emails, voice, and video for commanders and their subordinates, plus the data from surveillance platforms like UAVs, and communications for general operations. This trend will only continue.
The number of satellites in low-Earth orbit may increase by a factor of ten in just a few years. Communications dominated by a few dozen satellites will be supplemented by “mesh networks” of thousands of orbiters communicating with each other in addition to ground control stations. New “Ground Station-as-a-Service” offerings further expand the population of commercial providers upon which government users can rely. But there are considerations that come with using commercial service providers.
How robust is their protection of the network? The “C.I.A. triad” is a common model that forms the basis for the development of security systems and policies: Confidentiality, Integrity, and Availability. Satellite communications service providers generally place a lot of emphasis on “Availability.”
However, looking at “Confidentiality” in a satellite network, the government must ask important questions. Who is operating the network? Who can view locations of user terminals, configurations, and network status? How many third parties are granted privileged access to the network? Are the operators cleared?
The entire approach to security and operations needs to be reexamined in light of the growing cyber threat and the large number of unvetted vendors who are part of any single service offering. The solution should start with “zero-trust” protocols for all of the software and systems on a satellite network.
Zero trust means treating all of your system components as untrusted, a software-design method that can prevent commercial service providers from monitoring government communications. Concerns over cleared personnel versus foreigners or other uncleared personnel operating the ground stations or control rooms become less of a concern.
Shifting to the “Integrity” leg of the triad, another fundamental component to accompany zero-trust design is the encryption of everything on a communications satellite from the data it transmits to the commands its receives and its linkages with other satellites in a mesh network. This encryption can also validate that information isn’t tampered with.
New innovations like distributed-ledger technology, which is used in cryptocurrency, can provide cryptographic assurance that is authentic, accurate, and reliable. Privacy and zero trust should be the hallmarks of new designs and new architectures. Since the technology now exists, it is more a matter of having the will to take a different approach to software and operations in satellite design and operations. We know the threat is real and serious. Let’s build the defenses before a crisis occurs.
Joel Machen is the vice president of program management at SpiderOak Mission Systems, directing the company’s zero-trust hybrid space security solutions. He previously oversaw systems engineering for satellite broadcast management programs for the Department of Defense and private operators.