Cybersecurity Expert Assesses Potential Threats to Satellites
While the cybersecurity of space assets has improved, there is a still a long way to go. Via Satellite spoke to Bob Gourley, partner at Cognitio Corp., a leading cybersecurity expert about the potential cyber threat to space and satellite assets.
Gourley says first generation satellites had almost no ability to encrypt communications or remotely configure processors, but that later methods and channels were developed that added encryption to control but kept data unclassified. He says that new methods were added that enabled code to be upgraded while platforms are in space.
“The good news is that the most modern platforms have a high degree of security engineered into them. The bad news is that they operate with legacy systems that are very vulnerable, especially to a well-resourced adversary,” he said. “We also find that ground stations have a mixed degree of protection. In 2016 a large-scale malicious code infrastructure was detected that involved command and control of malicious code acting via satellite ground stations and sending covert communications via satellites. This type of attack was not that expensive to execute with researchers indicating it cost less that $1,000 in hardware plus time and energy from a well resourced, probably nation-state backed hacking team. So yes, there are threats to mitigate.”
It is hard to quantify the cyber threat to the satellite industry, but Gourley has identified a number of potential threats to satellite and space assets. “We see four major attack vectors being exploited via satellites today. You have the command and control hack, which hijacks IP communications to control malicious code. Secondly, we see other attacks, which seek to enable fraudulent use of resources. We also see attacks against the infrastructure to enable reconnaissance and to position countries for further attacks should war break out. And finally we see attacks of opportunity, which can include malware infection of the companies supporting and controlling satellites,” he said.
Gourley has decades of experience in helping organizations become more resilient against cyber attacks, and he says he has found one critical factor rules all others when it comes to enhancing cybersecurity. “Although every organization is different, this one factor is the same in each, no matter what the nature of the company or industry is. The factor is executive leadership. In organizations where the most senior executive and the senior management team understand that they are responsible for mitigating risks, everything else will fall into place. In companies where senior executives keep their heads in the sand or abdicate responsibilities to the IT department, the risks are much, much higher. There are many other things that need to be done to mitigate risks, but without leadership everything else is sub optimized,” he said.
Gourley highlights ransomware as an emerging threat to companies in the aerospace sector. “We see ransomware evolving to the point where it will work its way into embedded systems and cause significant problems for aerospace and space companies,” he said. “Consider the worst case scenario here. Imagine a
safety of flight issue caused by ransomware and a demand for immediate payment. What will you do? Pay it of course! But the goal is to never allow this threat to materialize.”
In terms of trends he sees happening in the cybersecurity market going forward Gourley highlighted talent. “A key trend is a realization that no company has the talent it needs to mount the defense required. From small firms to large firms, no one has the talent to tackle the demand,” he said. “This is giving rise to a need to outsource to experienced professionals who have been in the fight and know how to mitigate risks. ‘Chief Information and Security Officer (CISO) as a Service’ is the hot new trend.”