Op-ed | Don’t let hackers follow us to space
If you have been amazed by recent space breakthroughs like flying a robotic helicopter on Mars, reusable rockets that can land vertically, and the long-anticipated takeoff of space tourism, brace yourself: this is just the beginning. But with new moves into space, there is the risk that we will take our Earthbound cyber vulnerabilities with us into orbit.
The sheer number of space applications is about to mushroom. There are more than 4,000 operating satellites in space, and that total increased by more than 800 in just the first five months of this year. Satellites have gotten smaller and lifting them to orbit has finally become more economical. Companies like SpaceX and Amazon are planning to launch thousands of satellites to provide broadband internet to more places on the globe.
Apart from growing numbers, the way governments and companies use and manage satellites is changing. The business of remote sensing and imaging, which was once top secret and involved a satellite dropping film to be recovered and developed on Earth, now helps us gain real-time awareness of matters ranging from weather to traffic to wildfires. In the realm of national security, satellites help commanders keep an eye on adversaries and handle part of the massive flow of communications and other data produced by the military and other security agencies. Put simply, both commercial and military uses of space are about to explode.
Increasingly, the computer power itself will move to space. Until recently, ground operators controlled nearly all elements of a satellite’s functioning from Earth and any information that needed to be shared among satellites went first to the ground and then back up. This setup creates big challenges in maintaining constant communication with an object in orbit. Furthermore, there is no fiber in space: bandwidth and the ability to move data is limited.
The solution is space-native communication and computing. As mesh networks consisting of hundreds or thousands of satellites take to orbit, they will be far more efficient and effective if they can do more processing and communicating themselves without having to rely on ground control. This development will result in satellites that can recalibrate and shift among various missions.
The downside of satellites becoming more like flying computers is that we risk exporting the same cyber vulnerabilities we see on Earth. This is a real problem since the flawed ways we develop and utilize software in space is coming to resemble how we do it on the ground. Hacked satellites could be shut down, disabled indefinitely by ransomware, or possibly even hijacked by attackers.
To prevent this grim reality, we have to get cybersecurity in space right from the beginning. We will be stuck with whatever we create now given the difficulty of updating hardware once it is in orbit.
The solution is to bring end-to-end encryption and zero-trust software principles to space. The technology exists to encrypt not just a satellite’s data, but all of the functions that a satellite executes. By divvying up satellite management and assigning a key only to trusted users for any and all activities conducted in space, we can get the upper hand on hackers. This breakthrough would also greatly expand the opportunities for collaboration in space.
For example, a military commander could ask for up-to-date imaging of an area of concern. In the old days, this would involve a call out to national assets, which would require waiting for tasking to be sent to the next available spacecraft which would take the imaging and transmit back down for analysis at the next available opportunity. From there, the analyzed information would be sent to the commander to assist decision-making, sometimes after the data was no longer militarily useful. Furthermore, satellite users may not need the top-of-the-line capabilities that distinguish military satellites from commercial ones. Military commanders may not need to know what the tank drivers had for lunch, but simply how many tanks are beyond which hill. This is a case where a zero-trust encryption architecture can drive mission flexibility by opening commercial options to military users.
By utilizing zero-trust, end-to-end encryption data systems, a commander could put in a request for information, after which a call can go out to commercial providers that can provide the data most quickly. Properly encrypted data from compatible satellites taking the observations can go straight to the commander through untrusted infrastructure, including local 5G networks, without revealing how the satellite was tasked or what data it collected to its own operators or anyone else with access to the data flowing across the network, lawful or not.
The government should take the lead in promoting modern end-to-end encryption systems as not just a feature but a central part of the architecture of its zero-trust systems. Whatever architectures and standards are adopted today will solidify into the system for the next 50 years. Let’s hope they’re good. The time to make sure space is security-native is now.
Matt Erickson is the vice president for customer success at SpiderOak, a secure communications and space cybersecurity company.
This article originally appeared in the November 2021 issue of SpaceNews magazine.