US issues threat warning after hackers break into a satellite

It seems like nothing is off limits for threat actors to target these days. Hospitals, schools, charity organizations and even municipalities have all been successfully targeted by malicious cyberattacks in recent years. And now, it seems like attackers are even looking into space for new systems to try and compromise.

Last week, the Office of the Director of National Intelligence, in coordination with the FBI, the National Counterintelligence and Security Center, and the Air Force Office of Special Investigations, issued a warning about increased attempts to attack both satellites in orbit and the intellectual property of companies developing space technologies.

The warning comes just about a month after three teams at the DEF CON 23 convention in Las Vegas managed to hack a government satellite in orbit. Those attacks were conducted with the full permission of the government as part of the U.S. Space Force’s Hack-A-Sat competition. Three of the teams that successfully breached the security of the orbiting satellite were awarded up to $50,000 in prize money for demonstrating how such an attack could be conducted. This was the first time that hacker groups were able to prove that it was now possible to circumvent the cybersecurity protections of satellites in orbit.

In addition to hacking, the recent warning points out that other less technical tactics are also being used to try and compromise or steal information about U.S. space technologies. The warning states that “Foreign intelligence entities (FIEs) use cyberattacks, strategic investment (including joint ventures and acquisitions), the targeting of key supply chain nodes and other techniques to gain access to the U.S. space industry.”

Defense One sister publication Nextgov/FCW talked with one of the leading experts on aviation and satellite security, Jeff Hall, about the new warning memo and the unique characteristics and challenges of cybersecurity in space. Hall has over 25 years of experience working with private industry, the DOD and other government agencies and has served as a Navy Cybersecurity Safety—or CYBERSAFE—aviation cybersecurity technical area expert and cyber warfare subject matter expert. He is currently a consultant with the NCC Group.

Nextgov/FCW: What are some of the key differences and additional challenges involved with protecting a computerized asset in space, like a satellite, versus an Earth-based asset?

Hall: There are many different aspects to this. Some of the key ones include:

The distances involved: The distance between Earth and satellites in space can cause delays or disruptions in communication, making it difficult to detect and respond to cyber-attacks. 

Radiation: Satellites are exposed to high levels of radiation in space, which can cause hardware failures and software errors if components are not radiation hardened — and that’s a very expensive proposition. This can make it difficult to detect and respond to cyber attacks, as the malicious code may be hidden within the legitimate code that has been corrupted by radiation.

Limited resources: Satellites have purpose-built embedded systems with limited resources, including processing power, memory and storage. The technology is potentially older, since a satellite's life span can extend up to 15 years.

Remote Access: This makes satellites vulnerable to cyberattacks from anywhere in the world.

Complexity: Satellite systems are complex and heterogeneous, making it difficult to identify and patch all vulnerabilities.

Lack of awareness: Many satellite operators are not aware of the cyber threats they face, or don’t have the resources to implement effective cybersecurity measures.

Nextgov/FCW: And in addition to attacking satellites directly, can attackers also go after the data that is streaming to and from them?

Hall: Most definitely. And as to how that should be protected, the best thing is to use end-to-end space encryption to also secure the entire space to ground system.

Nextgov/FCW: That is a lot of challenges. Are there any advantages to securing a satellite’s cybersecurity compared to an Earth-based asset?

Hall: Yes, the advantages come from having a secure ground station using encrypted links and authentication.

Nextgov/FCW: The special bulletin also mentions other dangers for aerospace operations beyond the direct hacking of assets. Can you talk about some of those threats? 

Hall: Unclassified counterintelligence updates indicate that foreign adversaries are employing a range of techniques, including insider threats, cyber penetrations, supply chain attacks and blended operations that combine some or all of these methods.

They are also using legal and quasi-legal methods, together with acquisitions, mergers, investments, joint ventures, partnerships and talent recruitment programs to acquire U.S. technology and innovation.

Nextgov/FCW: I realize that those methods of stealing intellectual property mostly fall outside of cybersecurity, but do you have any advice about how to mitigate them? 

Hall: The best ways to guard against that includes using classification and handling markings; limiting access to only those who have a need to know; placing physical and technological restrictions on files; and fostering a culture that prioritizes data confidentiality.

In addition to fostering a data-confidentiality culture and following other aspects of Hall’s advice, the Department of the Air Force Office of Special Investigations has set up both a 24-hour tip line and an online forum for submitting tips about any kind of attack against space assets. This can include information about both direct cyberattacks and some of the quasi-legal activities mentioned in the recent warning memo.

John Breeden II is an award-winning journalist and reviewer with over 20 years of experience covering technology. He is the CEO of the Tech Writers Bureau, a group that creates technological thought leadership content for organizations of all sizes. Twitter: @LabGuys