The new generation of Low Earth Orbit (LEO) satellites — thousands of which will be launched over the next few years — may be easier to secure from cyberattacks than current constellations, but in some ways they present a larger attack surface for hackers, according to a panel at CyberSat Friday.
“There’s new things that need to be protected” in a LEO constellation, explained Ronald Einhorn, the space programs lead systems engineer for Airbus Defense and Space. He cited the increased number of ground stations as an example.
LEO systems also offer “additional points of entry” for hackers seeking to disrupt the service a constellation was providing, he said. Because the terminals that connect to LEO constellations need to move in order to follow the satellites across the sky, they might be vulnerable to malicious code injection that misdirects their antenna, causing service interruption.
The new generation of small LEO satellites are also becoming more complex than the simple “bent pipe” of traditional communications assets, Einhorn explained, with software-defined radio, beam-forming networks and other characteristics that hackers could try to attack.
“All that added complexity … creates a larger attack surface,” he said.
On the other hand, added Dennis Gatens, the chief commercial officer for Cloud Constellation, the new generation of software-defined satellites could be updated and patched on orbit, something that wasn’t possible with legacy, hardware-based birds.
“You can make them more secure today than the ones we’ve had sitting in Geostationary Orbit (GEO) or Medium-Earth Orbit (MEO) for years,” he said.
Einhorn pointed out that LEO satellites also “may be more difficult to jam (than traditional GEO birds because) the beams are smaller so you don’t have the wide area beams that can be jammed from geographically distant locations.”
He pointed to the “industrialization” of satellite manufacturing, with much lower costs and orders of magnitude greater production rates than traditional satellite. “If you’re building a satellite a day,” any vulnerabilities that are found can be assessed, remediated and fixed “within a few months, not decades” as would have been the case with traditional production rates.
The downside of the new, more commoditized or industrialized manufacturing process, he added, was the lower price point. “We’re trying to make the satellites less expensive so there’s not the resources to apply to any given satellite to put the state of the art, exquisite protection,” that could have been included with traditional bespoke manufacturing.
“The upside is … with every (production) spiral, we’re looking at what we can do to add value” by improving the build. “That might be more cyber(security),” he said.
The orbit itself might make the new generation slightly harder to attack, added Ahsen Abbasi, senior technical manager for real time operations for Iridium. “The fact they’re in LEO means that you don’t have the same access time from the ground. You have to have more precise knowledge of location… you have to have the ability to track it,” he explained.
“I’m not saying it’s insurmountable, but the barrier to entry (for hackers) is in some ways higher” for LEO.
And it was already very high for the satellite sector in general, Abbasi pointed out. “The cost of trying to hack a satellite is very high,” he said. “You have to have a dedicated adversary that’s willing to take the time and money and effort” like a nation-state.
But he added, as more networks begin to include space-based elements, non-state actors like cybercriminals who are currently attacking terrestrial networks might migrate to attacking satellites.
“As we go forward as more and more of the capabilities and functions that we currently do exclusively terrestrially, move into space … it may motivate other actors that are not nation states to try to infiltrate these networks,” he said.
One of the biggest challenges, Abbasi added, was just being in the communications business. “We have to allow users, external entities access to our system. They have to be able to inject their data into our network,” he explained. Even without malicious intent, “users sometimes use the system in ways you did not expect.”
He gave an example of a customer “A few years back” who had been “injecting data with much greater frequency than users generally do,” almost effectively mimicking a denial of service attack.
Some things won;t change, even with the new LEO generation, concluded Einhorn. “You still have to protect the space segment, the ground segment, your earth to ground link and your networks,” he said.