WASHINGTON: Not enough is being done either in government policy or by manufacturers to protect and monitor satellites from cyber attacks, says the redoubtable Aerospace Corp.

The FFRDC says in a new report that: “Neither space policy nor cybersecurity policy is prepared for the challenges created by the meshing of space and cyberspace, especially for the spacecraft.”

To be clear, we are not only taking about military satellites here, but everything in space owned by the US and its allies, because enemies will doubtless target commercial satellites providing communications, eyes on targets and other sensor data.

“With the expanding list of threat actors and increase in awareness of vulnerabilities and adversary capabilities, all sectors of the space domain need to invest in improving the cybersecurity of space systems, especially onboard the spacecraft,” the Aerospace Corp. authors write.

As Breaking D readers know, cybersecurity for space systems has become a major concern not just within the Air Force and the Pentagon, but all the way up the government food chain to the National Security Council (NSC). The NSC’s Cybersecurity Directorate has recently thrown its weight behind a public-private partnership, called the Space Information Analysis and Sharing Center (Space-ISAC) aimed squarely at cyber protection for satellites.

Indeed, as we reported back in July, Air Force Space Command’s head of operations and communications, Brig. Gen. DeAnna Burt, has warned that China is stealing the US military and defense contractors blind via cyber intrusions, especially in the space arena.

Aerospace Corp. recommend these measures to better protect these crucial assets, which the Air Force never ceases to tell us are now at risk in the event of war:

  • Intrusion detection and prevention via leveraging signatures and machine learning to detect and block cyber intrusions onboard spacecraft.
  • A supply chain risk management program to protect against malware inserted in parts and modules.
  • Software assurance methods within the software supply chain to reduce the likelihood of cyber weaknesses in flight software and firmware.
  • Logging onboard the spacecraft to verify legitimate operations and aid in forensic investigations after anomalies.
  • So-called Root of Trust (RoT, a set of trusted functions) to protect software and firmware integrity.
  • A tamper-proof means to restore the spacecraft
    to a known good cyber-safe mode.
  • Lightweight cryptographic solutions for use in smallsats.

Not only are there too few detailed standards, the report says, but government policies “lack the necessary integration between cybersecurity and the space domain.”

So what’s vulnerable? Traditionally, the ground stations that communicate with satellites were thought to be the most likely focus of a cyber attack. That could lead to corrupt data or the satellite “being disabled, destroyed, or (perhaps worst) deemed unreliable,” the five authors of the corporation’s report, “Defending Spacecraft in the Cyber Domain,” write.

But there are lots of other attack vectors. The supply chain offers tempting targets, which could result in a different, more limited set of attacks against the satellites. The authors mention “a range of scenarios” which could lead to everything from “irreversible damage” to a gap in mission time. All of them have serious implications because, “the more an adversary can sow doubt in our space systems, the greater the impact on our military/economic systems.”

None of this is helped by the fact that the military, civilian, and commercial space sectors all share “complacency and misunderstandings about cyber vulnerabilities” for satellites. As a result, “spacecraft have been built assuming a very limited range of cyber threats.”

So great care must be taken to identify and guarantee the reliability and quality of critical units and subsystems. Firmware and software must be put through a careful sieve.

“The prime integrator must take responsibility for all security weaknesses introduced via the use of third- party (software) code, the report says.

Then there’s the Stuxnet problem. Industrial control systems (ICSs) used to make satellites work have been successfully attacked in other supposedly “closed” systems.

The coming mega-constellations of vast numbers of satellites present their own unique challenges. To keep manufacturing speeds high and costs low, small satellites will rely on more commercial parts as opposed to military grade, the report notes. Tightening the supply chain “is advisable” but those small birds are built quickly so there may not be enough time to dig deep into each supplier each time while still keeping costs low.

The best way to build what the report calls “a cyber-resilient spacecraft” would be construction of an intrusion detection system (IDS) that monitors “telemetry, command sequences, command receiver status, shared bus traffic, and flight software configuration and operating states.” The system should be automated, the report adds.

Finally, the report says the system must be designed with a separate computer module that uses the RoT  concept. This controls a “cryptographic processor” that has been programmed to know what is accurate and correct.

Finally, the Aerospace Corp. says the standard military satellite bus — sort of the chassis of a satellite — “was designed before the term cybersecurity was invented, and the concern is that this bus, which was designed with no infiltration protection, could be easily corrupted or manipulated if any unintended data made it onto the data bus.”

So, if the old MIL-STD-1553 bus is used “to communicate between the flight computer, attitude control system, thrusters, and various payloads, the payload communication should be separated or encryption, authentication, and anti-babble protection should be applied in front of each unit.”

I’m sure the engineers know what that means… Basically, it’s clear much needs to be done to better protect America’s commercial, civil and military satellites and their systems from cyber attacks.