Cybersecurity in sharper focus with recent attacks
APOGEE STAFF
As Russian military forces prepared to invade Ukraine in early 2022, state-sponsored hackers were busy planning an attack of their own. The focus of their efforts: a U.S.-based commercial satellite network.
By the time Russian forces crossed the border in the pre-dawn hours February 24, firing missiles into Kyiv and other cities, the hackers had launched their assault, not only disrupting Ukrainian police and military communications, but also disabling internet connectivity for tens of thousands of users across Eastern Europe.
United States Secretary of State Antony Blinken condemned the action in May 2022, saying that while designed to “disrupt Ukrainian command and control during the invasion,” the attack quickly spilled over to affect terminals “outside of Ukraine that, among other things, support wind turbines and provide Internet services to private citizens.”
U.S.-based Viasat, the target of the intrusion, said hackers exploited a misconfiguration in a virtual protocol network appliance to gain remote access to the management segment of the company’s KA-SAT network. After gaining entry, they moved across the system to a partition that manages and operates the network. From there, they sent commands to disable modems simultaneously — including thousands that were privately owned. Specifically, the commands overwrote data on SurfBeam2 and SurfBeam2+ residential modems, leaving the devices unable to access the satellite network. To users, it seemed the modems had simply died.
One of the most significant wartime cyberattacks publicly disclosed, the episode immediately drew attention of Western governments, along with scores of aerospace companies aligned with the U.S. and its allies. Viasat is a U.S. defense contractor. “In a way, this wasn’t surprising. It was a war, but very quickly we realized that this wasn’t just Ukraine,” cybersecurity analyst and consultant Bob Gourley told Apogee. “This was happening to thousands of modems across Eastern Europe. It had sophistication and staying power.”
In the weeks that followed, Viasat restored many of the affected systems through a factory reset and replaced thousands of others at the customers’ request. To the broader aerospace community, the episode represented another in a string of attacks and attempted hacks on broadband satellite constellations. This only intensified as the war in Ukraine dragged on, with continued drone attacks in Kyiv and Russian forces entrenched in southeastern areas two years later.
Only a few years ago, the U.S. aerospace industry had more pressing matters to tend to than hackers. There were, for example, the technological challenges of deploying satellites into space, including extreme pressure and vibration during the launch and separation phases; exposure to cosmic radiation; and temperature fluctuations of minus 65 degrees Celsius to 125 degrees Celsius from circling the planet a dozen or more times a day. Science and technology have largely addressed those issues. But now, along with the threat of direct-ascent anti-satellite attacks and co-orbital weapons, state-sponsored hackers from Russia, the People’s Republic of China, Iran, North Korea and elsewhere are creating new levels of handwringing. Since the onset of the Ukraine war, for example, SpaceX’s Starlink constellation, the largest of the broadband networks, has endured near constant threats, although none of the hacks has succeeded, the company says.
Concerns about cybersecurity began long before Viasat, with the first deployments of navigation and communication networks. But in 2019, the headaches worsened with the debut of the Starlink and OneWeb satellite constellations. The companies behind these systems placed vast commercial arrays in space — SpaceX alone anticipates 42,000 satellites in its constellation when it’s fully complete — and triggered a shift from traditional geosynchronous and geostationary satellites designed for one-on-one “stovepipe” communication with ground-based operators. Instead, the newer, more compact satellites can talk with ground systems and each other — one reason, aerospace professionals say, they have become more frequent targets.
“There are many more gates now, and many more gates that can be opened,” said Victor Alfano, senior director of strategic development at California-based contractor National Technical Systems (NTS), which tests satellites and other electronic components at more than a dozen sites around the country. Broadband satellite constellations provide more entry points for hackers than older satellite systems, he said. “They were much more secure [then] because they didn’t speak to other satellites. They went from a ground station to a receiver. But now satellites are smaller and they communicate among each other. You’ve got commercial satellites mixed with military satellites, all working together, so the gates are open. And there are many more gates that are open that can compromise a system, so that is what people are worried about.”
One organization focused intently on the issue is U.S. Space Command (USSPACECOM), which tracks active satellites — now numbering more than 8,800 — and other objects orbiting Earth. In May 2022, the U.S. Space Force announced an initiative, the Space Test Enterprise Vision, to create protocols for testing hardware and software connected to spacecraft. Traditionally, satellites are tested for technical performance, but not survivability against anti-satellite weapons.
“We have done testing and training of space capabilities for years,” said Gen. David D. Thompson, vice chief of space operations, during a May 10, 2022, press briefing. “But in years past we didn’t have to worry about specific threats in the domain and we didn’t have to test our systems against those threats or train our Guardians to operate in the face of those threats.” As a result, the Space Force needs to develop a “test enterprise and a culture among testers,” he said. “That’s really what this vision is about, and the infrastructure and the investment we’re creating around it.”
The Space Force requested $89 million for fiscal 2023 to begin design and development of a National Space Test and Training Complex, or NSTTC, to facilitate Enterprise Vision. The complex will include a digital environment for virtual testing and training, along with hardware for real-world tests. Another change the program recommends: combining traditional phases of military weapon systems — developmental testing and operational testing — into a single test activity. “We think that if we can integrate the test activities, it’ll let us be more efficient, faster, and speed up the testing part of the acquisition process,” Maj. Gen. Shawn Bratton, then commander of the Space Training and Readiness Command (STARCOM), said in a news release.
“Just as air, land, maritime and cyber forces evaluate their systems against adversarial capabilities, space now requires the realism of a contested environment and a robust independent test capability.”
~ Col. Nick Hague, then director of Space Force Test Enterprise
STARCOM kicked off NSTTC operational planning in late 2021 with assistance from Space Systems Command. The plan provides guidance on how to integrate developmental and operational test and evaluation processes across a system’s life cycle and throughout the testing enterprise, encompassing organizations, workforce, infrastructure, acquisition and operations.
“Just as air, land, maritime and cyber forces evaluate their systems against adversarial capabilities, space now requires the realism of a contested environment and a robust independent test capability,” Col. Nick Hague, then director of Space Force Test Enterprise, said in a 2022 news release. “Our Guardians, in addition to our systems, must be resilient to operations in the harsh environment of launch and on-orbit conditions as well as against current and evolving threats. Proper testing elucidates a system’s ‘operational envelope’ that Guardians need for optimum full-spectrum operations.”
Hague said the enterprise approach to integrated testing will enable “the cultivation of a test culture that promotes warfighter influence on system development by using intentional workforce crossflow between acquisition, test and operations within mission-focused areas.”
As part of the plan, integrated test forces are being stood up, fusing developmental and operational testing while also providing independent government evaluation of operational suitability, effectiveness and survivability. STARCOM will serve as the focal point for test enterprise to promote execution and resourcing and to maintain awareness of independent government test efforts to include developmental and operational tests, tactics, techniques and procedures validation, and weapon system evaluation activities.
The Space Force “has a unique opportunity to build a fully integrated test and evaluation system from the outset, providing independent, credible, relevant information on vital warfighting capabilities,” Bratton said. “In addition to our Space Force partners, we will look to our industry partners to help us develop the National Space Test and Training Complex into the world-class test and training complex our Guardians need.”
Also in May 2022, the Space Force’s Commercial Services Office (CSO) announced a new process to evaluate the cybersecurity status of satellite manufacturers that work with the military.
Under the Infrastructure Asset Pre-Approval program, or IA Pre, commercial satellite communications (COMSATCOM) companies will be assessed on their cybersecurity practices and systems. Suppliers that pass the Department of Defense’s checklist will be preapproved. “Cybersecurity is critical to the DOD and its missions,” Jared Reece, program analyst with the CSO solutions branch, said in a news release. “Today, the commercial satellite industry spends countless dollars on cybersecurity to ensure their assets and customers are protected from malicious actors. IA-Pre will help ensure appropriate cybersecurity solutions are achieved for our customers.”
Among the program’s goals is to create an “approved product list” of COMSATCOM assets with cybersecurity status scores based on government requirements and to enhance “commercial asset security posture,” reducing administrative burdens to the government and industry partners, Space Systems Command said. The CSO is working with the Space Force’s Risk Management Office and commercial satellite industry to develop a program to meet its goals.
The renewed focus on cybersecurity comes as the Space Force grapples with threats of hacking and other space-based weapons, and as it looks to enhance early warning systems connected to hypersonic missiles. As USSPACECOM looks to outpace China and Russia to maintain leadership in space, it’s seeking closer ties with the private aerospace industry to boost innovation.
“Accelerating commercialization of space presents new and significant opportunities for us,” then-USSPACECOM commander Army Gen. James H. Dickinson said in an April 2022 address to the 37th annual Space Symposium in Colorado Springs, Colorado. “This is because partnering with commercial entities enables us to adapt faster, innovate more readily and integrate cutting-edge technology. We can also bolster space architecture resilience, better understand the space domain, expedite decision-making and devise economical solutions to strategic problems.”
USSPACECOM will prioritize integration with systems including operational intelligence, space domain awareness, satellite communications bandwidth, remote sensing, modeling and simulation, artificial intelligence, machine learning, quantum computing, and encryption. Dickinson said increased collaboration between the DOD and private industry will help USSPACECOM fill system requirements while making space safer for nations and corporations.
The Space Force, meanwhile, expects to add more squadrons of cyber specialists to support military units that operate communications, surveillance and navigation satellites. Ground systems used to operate satellites are under threat of cyberattack, Col. Roy Rockwell, then commander of Space Delta 6, said during a May 2022 Space Force Association online event. Space Delta 6 oversees the military’s satellite control network and cybersecurity operations.
“You don’t have to spend millions or billions of dollars to gain access to the cyber domain and build those capabilities,” said Rockwell, now serving as the deputy chief of the Technology and Innovation Office. Cyber and malware attacks can be pulled off at a relatively low cost, he said, making these kinds of weapons more accessible than missiles or lasers. “As we look at how we’ll be attacked in future fights, and how adversaries will try to eliminate us in the space domain, they’ll start with cyberattacks first and foremost.”
Aerospace professionals, meanwhile, applaud the push for enhanced cybersecurity. The new requirements will fuel innovation and encourage manufacturers to improve their products. “It’s good to see that there’s this focused effort in developing joint requirements going across the industry,” said Jim Pinyan, director of strategic programs and business development for space at satellite tester NTS. Pinyan said he expected the cybersecurity requirements to be released soon, which will trigger an industrywide push toward increased testing.
“Cybersecurity requirements for space don’t yet exist in the public domain,” he said. “We’ve been talking to a lot of companies and other organizations about starting a pilot program to demonstrate the ability to test systems in our chambers. … Everybody on the food chain that we’ve talked to has shown quite a bit of interest to participate in this, to demonstrate the capability for testing, because once the requirements come out, people are going to have to test to show that their systems are not vulnerable.”