Photo: Kuva Space

Kuva Space is one of the up and coming space companies in Earth Observation (EO) and is looking to develop one of the world’s most extensive hyperspectral satellite constellations. It aims to combine this vast network with AI to deliver decision-ready intelligence to customers.

The company launched its first satellite, Hyperfield-1, the first of its planned 100-satellite constellation in August 2024. This year the second one will lift off. Next year, Kuva Space plans for 10 second-generation satellites to launch and join the two first-generation satellites.

S3 spoke to Daniel Landau, director of Software and IT, Kuva Space about the cyber threats facing a company like Kuva Space as it looks to build this constellation. Landau said that as the company increases the number of satellites in the coming years, it expects the number of sophisticated attackers targeting the company to grow too. “Continuous monitoring of emerging threats, adoption of best practices, and international collaboration are essential to ensure the resilience and security of satellite infrastructures,” he said.

“Most of the attacks we are seeing are run-of-the-mill CEO fraud phishing and failed login attempts on publicly routable SSH servers,” Landau said. “Our guidance to employees is that if our CEO approaches you over email to ask about anything, no, he didn’t.”

AI and Cybersecurity

In terms of what impact Artificial Intelligence (AI) will have in terms of space cybersecurity, Landau recognizes that large language models (LLMs) are very good at generating convincing-looking text. “Non-targeted phishing benefits from being poorly written, as that selects the marks non-targeted phishing wants to reach. In spear-phishing, such as CEO fraud, the attackers want to get more sophisticated victims to respond and then spend targeted time working with them,” he said. “I’d expect LLMs to help scale that effort much larger and more targeted than it is today, by e.g. feeding our website and LinkedIn presence to an LLM to get much more targeted than the attacks we see today.”

In terms of defenses, Landau says endpoint detection and response (EDR) solutions and virus scanners probably won’t benefit from LLMs as such, but probably other sorts of machine learning and neural networks. He adds, “We’re not in that business, but for us, deep neural networks and architectures originally developed for generative AI, such as Vision Transformers, are key elements to how we find the needle from the hyperspectral haystack.”

AI is at the heart of Kuva Space and it could even be described as an AI-native company. It deploys AI end-to-end, starting from data acquisition through to data processing and insights generation. Landau says of the company’s AI approach, “With multispectral EO, it is normal to calculate simple indices such as NDVI, but we can do so much more with hyperspectral. Using both supervised and unsupervised learning, we train our AI models to detect and identify changes and features from the hyperspectral scene that a human analyst simply wouldn’t be able to see.”

[This feature was published exclusively for Space Security Sentinel, a new cyber newsletter from the teams at Via Satellite and CyberSat. Learn more and subscribe here]

Threat Monitoring

Satellite companies like Kuva Space are constantly under attack. Landau says that you really can’t wait for an attack to happen before you start mitigating and neutralizing.

“At Kuva Space, we monitor threat actor news, analyze risks, and build our defenses before anything happens. We are under constant barrage from the aforementioned CEO fraud, SSH brute forcing and port knocking. Our systems and security policies remove the threat from those activities,” he said. “We are constantly making our systems more resilient and are in the process of becoming ISO 27001 certified soon. This involves implementing various security hardening measures that any organization can do, such as separating super admin accounts in our cloud services from daily use accounts and using privileged access workstations to access the admin accounts.”

Landau says that the main challenges are the same as in all industries. He talks of the misconfiguring of S3 buckets or monitoring services, being more lax about backup security than normal security, phishing, un-patched software, hacked admin accounts, etc.

“There’s much to do in cybersecurity, and the flourishes being in the space industry are, of course, significant and need to be handled with the utmost care, but by no means dominate the landscape,” he adds.

In terms of what the number one vulnerability is for a company like Kuva Space, Landau says, “The communication and authentication protocols, of course, need to be solid and well-designed. So, assuming that the biggest vulnerabilities are ground-based and similar to any other server infrastructure — software updating, network safety, key management, and a secure supply chain are areas that need to be addressed.”

Kuva Space is planning to deploy satellites to Very Low Earth Orbit (VLEO) to better see the Earth. Landau says the company has to protect against all possible threats. Its satellites aim to serve commercial and defense use cases and are attractive because of their payload and capabilities.

“With the increased traffic in Earth orbits and with the addition of propulsion capabilities to our satellites we become more interesting targets to anybody that just wants to cause harm. Our satellites’ cybersecurity is designed diligently, but if any operator gets hacked by someone wishing to cause collisions and radio interference, everybody gets hurt,” Landau said.

Predictions

Cybersecurity is a fast-moving industry. Threats evolve and change very quickly. Landau predicts that malicious satellite hijacking for space debris generation or radio interference is a threat that could emerge in the near future, in addition to secure supply chain issues.

Last year, there was a supply chain attack reported dealing with a backdoor in the XZ Utils data compression tool on Linux operating systems. Landau says the company avoided a “full-scale catastrophe” from the XZ vulnerability “primarily by luck.”

He says similar vulnerabilities are still a pending threat.

“We haven’t really solved the human issue that causes this vulnerability, so at some timescale someone is bound to try again, and probably already laying the foundation in some or multiple places,” he said.