US Must Improve Cyber Protection For Sats: Aerospace « Breaking Defense
So what’s vulnerable? Traditionally, the ground stations that communicate with satellites were thought to be the most likely focus of a cyber attack. That could lead to corrupt data or the satellite “being disabled, destroyed, or (perhaps worst) deemed unreliable,” the five authors of the corporation’s report, “Defending Spacecraft in the Cyber Domain,” write.
But there are lots of other attack vectors. The supply chain offers tempting targets, which could result in a different, more limited set of attacks against the satellites. The authors mention “a range of scenarios” which could lead to everything from “irreversible damage” to a gap in mission time. All of them have serious implications because, “the more an adversary can sow doubt in our space systems, the greater the impact on our military/economic systems.”
None of this is helped by the fact that the military, civilian, and commercial space sectors all share “complacency and misunderstandings about cyber vulnerabilities” for satellites. As a result, “spacecraft have been built assuming a very limited range of cyber threats.”
So great care must be taken to identify and guarantee the reliability and quality of critical units and subsystems. Firmware and software must be put through a careful sieve.
“The prime integrator must take responsibility for all security weaknesses introduced via the use of third- party (software) code, the report says.
Then there’s the Stuxnet problem. Industrial control systems (ICSs) used to make satellites work have been successfully attacked in other supposedly “closed” systems.
The coming mega-constellations of vast numbers of satellites present their own unique challenges. To keep manufacturing speeds high and costs low, small satellites will rely on more commercial parts as opposed to military grade, the report notes. Tightening the supply chain “is advisable” but those small birds are built quickly so there may not be enough time to dig deep into each supplier each time while still keeping costs low.
The best way to build what the report calls “a cyber-resilient spacecraft” would be construction of an intrusion detection system (IDS) that monitors “telemetry, command sequences, command receiver status, shared bus traffic, and flight software configuration and operating states.” The system should be automated, the report adds.
Finally, the report says the system must be designed with a separate computer module that uses the RoT concept. This controls a “cryptographic processor” that has been programmed to know what is accurate and correct.
Finally, the Aerospace Corp. says the standard military satellite bus — sort of the chassis of a satellite — “was designed before the term cybersecurity was invented, and the concern is that this bus, which was designed with no infiltration protection, could be easily corrupted or manipulated if any unintended data made it onto the data bus.”
So, if the old MIL-STD-1553 bus is used “to communicate between the flight computer, attitude control system, thrusters, and various payloads, the payload communication should be separated or encryption, authentication, and anti-babble protection should be applied in front of each unit.”
I’m sure the engineers know what that means… Basically, it’s clear much needs to be done to better protect America’s commercial, civil and military satellites and their systems from cyber attacks.