US girding up for cyberattacks against satellites

This month, the US Space Force participated in a training exercise to refine its defensive and offensive skills using the Moonlighter imaging satellite.

The Space Force says Moonlighter is the world’s first and only hacking sandbox in space, previously featured in Space Systems Command’s Hack-a-Sat 4 competition. The source notes that the primary objective of the Moonlighter exercise was to enhance the US Space Force’s defensive cyber operations capabilities, aligning with evolving threats in the space-cyber domain.

The source says the exercise adopted a “Purple Team” approach, where offensive (Red Team) and defensive (Blue Team) forces collaborated to create a learning environment that encouraged growth and adaptability.

As for the participating units, the source says that the 527th Space Aggressor Squadron Cyber Flight took on the role of the Red Team, probing the Moonlighter satellite’s defenses and providing a realistic testing environment for the Blue Team.

It notes that the Blue Team, comprising units such as the 62nd Cyberspace Squadron (CYS), 64th CYS, 65th CYS, 68th CYS, 663rd CYS, 664th CYS, and Delta 6, Det 1, worked to protect the Moonlighter satellite, developing and deploying strategies to defend against cyberattacks and safeguard the satellite’s critical functions.

Military importance of satellites

Space-based assets such as satellites play an increasing role in enabling military operations. Satellites have become critical command and control nodes, bringing several cyber vulnerabilities.

In a September article for Forbes, Duncan Greatwood notes that space is rapidly evolving, with military, civilian, and critical infrastructure sectors experiencing physical and digital transformation.

Greatwood notes that the yearly number of low-Earth orbit (LEO) satellites launched exceeds 22,000, and data communication between ground and space has increased. He also notes that as government and private space assets merge, cybersecurity in space is crucial for protecting various aspects, including ground stations, launch facilities, and cross-constellation communications.

Greatwood cites the example of Russia mounting a cyberattack against US satellite company Viasat hours before its February 2022 invasion of Ukraine, resulting in the Ukrainian military losing command and control, as it relied on Viasat’s services. 

The attack used “AcidRain” malware, which quickly erased all data on Viasat modems and routers, forcing them to reboot and become permanently disabled, in effect destroying them. The cyberattack spread to Internet users and wind-turbine farms in Central Europe.

It also exposed the potential vulnerability of the US military and its partners who rely on Viasat’s services for command and control.

Aside from Russia, other potential US adversaries have developed counter-space cyber warfare capabilities as an asymmetric means to blunt the US space advantage.

Financial Times reported in April that China is developing sophisticated cyber weapons to “seize control” of enemy satellites, rendering them useless for data signals or surveillance during wartime. FT says China’s more ambitious cyberattacks aim to mimic the signals that enemy satellites receive from their operators, tricking them into either being taken over entirely or malfunctioning during crucial moments in combat.

Underscoring the threat of cyberattacks on satellites, Kari Bingen and other authors write in an April report for the Center for Strategic and International Studies (CSIS) that cyberattacks target data itself and systems that use, transmit, and control data flow.

Bingen et al. say cyberattacks can monitor data traffic patterns, intercept data, or insert corrupted data or commands. They note these attacks can target ground stations, end-user equipment, or satellites.

While the authors say cyberattacks require a high degree of technical understanding, they don’t require significant resources and can be contracted out to private groups or individuals. They write that a cyberattack on space systems can result in the loss of data or services, potentially having widespread systemic effects.

Bingen et al. note that if an adversary seizes control of a satellite, it can shut down communications and permanently damage its electronics and sensors. They add that accurate and timely attribution of cyberattacks can be difficult because attackers use various methods to conceal their identity.

Vulnerabilities

Satellites may also have features that make them especially vulnerable to cyberattacks. In an August article, Defense One notes that the distance between Earth and satellites makes it challenging to respond to a cyberattack against the latter.

Defense One also notes the difficulty of attributing cyberattacks against satellites, as satellites are exposed to high solar-radiation levels that can cause hardware failures or software errors. The source says malicious code can be embedded in legitimate code damaged by solar radiation.

It also says most satellite designs may be obsolete against rapidly evolving cyberattacks, as they have purpose-built embedded systems designed to last up to 15 years.

The source also says satellites’ remote access exposes them to cyberattacks globally, and their complex and diverse systems make it challenging to identify vulnerabilities. In addition, it says many satellite operators are unaware of the cyber threats they face or lack the resources to address those vulnerabilities.

Cognizant of those vulnerabilities, the US has devised unconventional approaches to address cybersecurity threats against its satellites.

In August, Politico reported that US hackers had launched a series of cyberattacks on a US government satellite, aiming to build more secure space systems and identify security gaps. Politico says that the US Air Force and US Space Force organized the DEF CON cybersecurity conference, featuring a contest to seize control of the Moonlighter satellite remotely.

It says the event reflects the growing danger of adversaries developing cyber capabilities to infiltrate and block US defenses.

Cybersecurity will be a core focus of US space strategy in the coming years. In an April 2021 Atlantic Council report, Clementine Starling and other writers note that the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) should evaluate whether space should be declared the seventeenth critical infrastructure sector.

They emphasize that the space sector must be protected from threats, including cyberattacks, and that the US government should insist on best practices in all space projects, adapting best practices to evolving adversaries.

They also say the US Department of Defense and the private sector should prioritize the resilience of space assets and ground stations to limit harm and overcome failures.