The Time to Future-Proof Satellites is Now

Photo: Via Satellite illustration

Satellites are vital to many of our day-to-day activities. They are as critical to infrastructure such as water treatment facilities, electrical substations, and transportation operations. Whether it is navigation, communication, connectivity, or research — satellites power it all. While casual consumers likely do not consider the satellites that assist with their wayfinding, the fact remains that if the data exchange between satellite and device were interrupted, people would quickly notice.

This era of satellite communications will bring with it a proliferation of new entrants and constellations. Protecting the telemetry, tracking and controls (TCC) of these satellites must be given the same importance as guarding nuclear reactors and water treatment plants. To that end, it is imperative that we protect the integrity of the data coming off these satellites as well as the entire communications network they reside in – including data as it travels satellite to satellite or satellite to base station, or base station to data center – and that manufacturers focus on future-proofing the encryption architecture that protects them. At stake are the millions of dollars invested to manufacture and launch these constellations, the business models that back them, and the humans who rely on secure communications to survive.

Moving Past Public Key Encryption

Satellite infrastructure has and will continue to face critical threats. While there continues to be innovations in space technology, we are also undergoing a multiyear cryptographic transition. This transition will require nearly every organization in the world to replace their classic encryption with quantum-safe solutions – including math-based Post Quantum Cryptography (PQC) and/or physics-based Quantum Key Distribution (QKD).

Designed nearly five decades ago, the Diffie-Hellman Key Exchange – the backbone of public key encryption (PKE) — has served us incredibly well. However, it was conceived in a time where our hyper-connected world of today was difficult to imagine. Tomorrow’s quantum computers will be able to break current encryption methods in a matter of seconds – what the industry has coined “Q-Day” or the quantum threat – spurring the transition to quantum-safe solutions.

However, the truth of the matter is we don’t need next-generation computing power to break encryption. Encryption suffers from single points of failure every day. Software bugs, poor programming skills, implementation errors, lack of key rotation, among others, all create areas of weakness ripe for exploitation.  This should be a wake-up call for those involved in information security, as well as those who work to secure our satellites. The time to prepare for a post-quantum future is now.

These single points of failure – of which foreign adversaries already exploit to steal and intercept mission-critical information – mean that encryption is broken all the time. Additionally, as the commercial satellite industry explodes with the influx of private sector companies, the number of satellites in orbit also increases and so too does the attack surface.

These two factors expose the hacking of satellites as profitable venture. Additionally, once a satellite is sent into orbit, it’s difficult, if not impossible for ground crews to fix problems that arise. It’s with this in mind that we must future-proof satellites with the strongest encryption strategies available.

Many space-faring nations are already fortifying their satellites with quantum-based security. China has developed a robust capability to protect its infrastructure, including satellites, with QKD. India is looking to follow suit and has made some recent advances as well.

I believe the United States can take a significant step towards protection if we implement a strategy of crypto-diversification, a proactive mix of current and post-quantum encryption methods and out-of-band key delivery. If we do not, we are at risk of falling behind our adversaries and jeopardizing the satellites and their associated infrastructure that are the keystone of our national security.

Future Proofing Satellites Through Crypto-Diversification

Future proofing satellites should begin by diversifying the cryptography that underpins the encryption architecture within each satellite, as well as the encryption that protects the data that flows between the satellites, their command stations, and other communications networks.

Since PQCs will be the standard in 2024, satellite designers need to embrace quantum-safety now. The PQC migration will not be a simple drop-in replacement of existing crypto or fixed through simple patching. It will require modifying or replacing libraries, validation tools, hardware, operating systems, application code, device protocols, and user/administrative procedures – on every endpoint. And it’s unclear if this will be a one-time change or an iterative process requiring the continuous swapping of cryptography for decades to come.

However, by embracing a next-gen, crypto-diverse and quantum-safe key delivery system that also works within existing crypto (firewall, routers, VPNs) satellites can be made immediately quantum-resistant. Additionally, crypto keys can be switched on the fly, or managed in lock step with the shifting threat landscape and mission requirements with no interruptions to the network.

Using and mixing multiple encryption techniques helps to keep data traveling secure, even if a flaw is uncovered in one of the encryption layers. Taking steps to implement crypto-diversification is critical as we begin projecting future threats. We won’t always know which part of a crypto stack has been defeated and how, but it won’t matter – and satellite developers can rest easier – if the cryptography is sufficiently diversified.

This recommendation is also supported by the White House National Security Memorandum 8, Executive Order 14028: Improving the Nation’s Cybersecurity. Released in January 2022, it stated that government agencies had 180 days to utilize next-generation cryptography.  Additionally, as recently as March 2022, the FBI and Cybersecurity and Infrastructure Agency (CISA) have called for satellite communications users to “strengthen the security of operating systems, software and firmware” and “implement independent encryption across all communications links.”

Ignoring the specter of quantum computing, weakening cryptographic algorithms and the impact it will have on our satellite security could mean massive financial losses, as well as negative impacts on our national security. Consider the disastrous effects of a “man-in-the-middle” attack, whereby a threat actor falsifies their digital identity, accesses a satellite, and takes control of it and then “deorbits” it. One can see the impact this may have in a future conflict, for instance, in which a state-sponsored entity takes control of, and then promptly destroys, an opponent’s navigational or geospatial imagery satellite, leaving them operating in the ‘dark’.  While we have yet to feel the full impact of quantum computing, it is up to all of us to ensure we take the threat seriously and begin planning now.

Eddy Zervigon is CEO of Quantum Xchange and a board member at Maxar Technologies with experience in helping to launch one of the first commercial satellite operators in the U.S. He has also been a special advisor at Riverside Management Group, a boutique merchant bank, since 2012 and currently sits on the board of directors at Bloom Energy. Eddy holds an MBA from the Amos Tuck School of Business at Dartmouth College, a master’s in taxation from Florida International University as well as his undergraduate degree in accounting.