End of an era
James Pavur, a security researcher and Oxford University PhD student who has done extensive research into satellite broadband security risks, told The Daily Swig that the era when satellite systems were beyond the reach of hackers is coming to an end.
“Satellite systems used to be made up of expensive kit, about which there was not much info, that were highly customised and bespoke,” Pavur explained.
Despite the glamorous allure of getting into satellite systems, malicious hackers were effectively dissuaded from chancing their arm by “security through obscurity” – something the space industry can no longer count on after borrowing standardized hardware and software development practices from IoT and enterprise systems, according to Pavur.
Security incidents involving satellite systems have historically involved breaking into Windows computers in ground stations (“the weakest link”, said Pavur) but now more thought is being put into radio frequency exploits.
This is a concern for the future because some in the space industry still transmit telemetry protocols with no cryptographic protections.
“We’re better at understanding how to secure ground computers than how to secure satellites,” according to Pavur.
Ignacio Chechile, CTO at space start-up ReOrbit, backed up Pavur’s assessment that immature cybersecurity practices were common in the space industry by referring to one unnamed operator that used Telnet to communicate with a satellite over an unencrypted CCSDS link.
This is an area of potential exposure because a hobbyist can now, for just a few hundred euros, buy hardware that would allow them to track a satellite. An accessible physical layer plus vulnerabilities and no patching is a recipe for potential trouble, Chechile warned.
Other speakers at Cysat urged the adoption of an onion-like approach featuring multiple layers of protection, compartmentalization, and redundancy as a defence against potential attack.
Work along these lines has already been undertaken in segments of the space industry, where best practices and solutions for securing satellite communications are been developed.
Source: The Daily Swig