As part of advancing the security of satellite communication in space, NASA is supporting an innovative initiative at the University of Miami’s Frost Institute for Data Science and Computing (IDSC) to enhance traditional large satellites with nanosatellites or constellations of nanosatellites.
These compact satellites are crafted to achieve a wide array of objectives, encompassing communication, weather forecasting, Earth science research, and observational data collection. NASA, renowned for its technical ingenuity, is a frontrunner in pioneering new technologies that drive US space missions and find applications in fields ranging from Space and Earth science to consumer products and national security.
With the evolution of satellite technology and the decreasing costs associated with deployment and operation, nanosatellites present both opportunities and challenges in safeguarding their communication networks. The ownership and operation of small satellites by various public and private entities broaden the scope for cyber exploitation, akin to vulnerabilities found in Wi-Fi networks. This scenario opens avenues for malicious actors to jeopardize national security and pose economic risks for satellite companies, operators, and users.
In the spring of 2023, cybersecurity experts from Thales, a multinational technology firm, successfully breached the European Space Agency’s (ESA) nanosatellite, OPS-SAT, during the ESA’s cybersecurity exercise, the Hack CYSAT challenge. This ethical hacking endeavor unveiled potential weaknesses in satellite systems and aimed to gauge the real-world repercussions of a cyber assault on space infrastructure.
By leveraging standard access rights, Thales researchers managed to infiltrate OPS-SAT’s onboard system, assuming control of its application environment. This breach enabled manipulation of the satellite’s global positioning system, attitude control system, and onboard camera. Through exploiting vulnerabilities, the hackers implanted malicious code, compromising transmitted data back to Earth and altering captured images.
The primary objective of this exercise was to heighten awareness regarding flaws and vulnerabilities in satellite systems, fostering effective remedial actions. Pierre-Yves Jolivet, VP Cyber Solutions at Thales, stressed the necessity to bolster the cyber resilience of satellites and space programs, emphasizing improvements for both ground segments and orbital systems.
While the vulnerabilities in ESA’s satellites are concerning, commercial satellites face even greater risks. Past incidents include a hacker developing a $25 tool to breach SpaceX’s Starlink system, which encompasses a constellation of approximately 3,600 satellites in low-Earth orbit. Furthermore, reports indicated successful hacking of mainstream satellite internet systems by Russia, while Anonymous claimed infiltration of Russian spy satellites in response to geopolitical events.
These occurrences underscore the criticality of addressing cybersecurity in satellite systems, especially as private entities increasingly engage in space exploration and satellite deployment.