As cyber crime becomes a bigger problem on earth (increasing about 300 percent since the start of the pandemic), a new frontier of cybersecurity concerns has appeared—space. And as both military and civilian capabilities rely increasingly on space-based assets, cyber attackers only have more incentives to hack, disrupt, and alter space technology.

The possible consequences for cyber attacks aimed at space systems are endless; they could disrupt internet access, interfere with the Global Positioning Satellite (GPS) system, and even turn satellites into weapons. They could damage everything from shipping to weather predictions to navigation to national security. Cyber threats identified by the National Air and Space Intelligence Center (NASIC) (below) cover four segments: space, ground, link, and user. 

cybersecurity threats to space
Photo Credit: University of Buffalo

As more private companies like SpaceX, Amazon, and Blue Origin continue to launch hundreds of satellites to space, the fear and potential danger of cyber attacks increases. Additionally, satellites progressively transmit and store more sensitive information and data, such as images of secret military missions or critical infrastructure, making them even more attractive targets for cyber attackers. 

Problems with Space Cybersecurity

One of the biggest issues with space cybersecurity is the fact that every orbital satellite has software in it—for example, the International Space Station runs on Linux, and the Mars Curiosity Rover runs VxWorks on its onboard computers. Any type of software can have bugs, which cybercriminals could try to exploit. Additionally, space-based systems are ultimately controlled by computers on the ground, which means that they can be infected like any other system.

Another problem is that there are still only a few organizations that have control over space-based assets. Even though this power to grant access to and manage space assets is currently limited to a small number, this makes these systems high-value targets. As more governments and private organizations become more involved with space projects, the number of potential access points for hackers increases. It only takes one hacker with digital access to compromise an entire system.

What Can Be Done

Fortunately, governments and companies have been taking steps to increase cybersecurity in space. For example, the US military transferred over 2,000 cybersecurity experts to the Space Force in 2021. The Air Force has also hosted competitions encouraging hackers to break into satellites, with the goal of learning more about potential vulnerabilities. Space equipment manufacturers Boeing and Northrop Grumman also hosted a recent webinar to discuss how the design of space-bound equipment can lower cybersecurity risk.

One solution to space cybersecurity is the same tactic President Biden mandated for all federal agencies to implement for cybersecurity: Zero Trust architecture. With Zero Trust, only authenticated and authorized users and devices have access to applications and data. The goal is to eliminate implicit trust and continuously validate every stage of digital interaction to provide the highest level of security possible. 

The National Institute of Standards and Technology (NIST) also introduced a reference document specifically detailing how cybersecurity standards may be introduced for commercial satellite operations, setting up the opportunity for more standardized practices for space cybersecurity.