The escalating trends of commercial and defense collaboration in space, and the increasing usage of remote access, are opening up new risks and avenues for cyberattacks against space-based critical infrastructure. While major strides are being made to protect in-orbit payloads, the ground stations that control those satellites and collect telemetry from them may be woefully undersecured. To safeguard these vital systems, it’s imperative that federal agencies and private organizations work together and invest in ground station security. More specifically, I believe there are four technical changes that should be implemented. Companies must deploy solutions that enable just-enough, just-in-time access; put an overlay or gateway between users and sensitive assets; deploy a distributed password vault; and lastly, ensure they have a zero-trust data exchange across hybrid satellite architectures. I’ll dive more into these four solutions and their corresponding sources of increased risk, but first I will provide more context on why ground stations are more at risk than ever before.
The growing risks to ground stations
Ground stations are typically workstations used to send and receive telemetry, and generally manage and monitor the operations of military, commercial and mixed-use satellites. Due to the sensitive nature of this work, these workstations were not initially intended to ever be connected to a broader network or the public internet. The modern embrace of remote work, and the strategic demand for real-time data sharing, are changing that.
In addition to being more interconnected and accessible than ever before, these workstations tend to stick around for a long time. It is possible to see satellite ground stations running older, deprecated operating systems as far back as Windows 7. These machines are still fully capable of handling their operational duties of communicating with satellites, but the operating systems and other software have long since stopped receiving security patches or other upgrades. The historical practice of keeping these assets essentially air-gapped creates an inaccurate perception that they are not exposed to the growing risk of cyberattacks in the broader technology ecosystem. Therefore, the cost and complexity of upgrading them purely to improve their security posture is not considered justified.
Four contributing factors to risk against ground stations
The core of the risk against ground stations lies at the intersection of increasing remote access and network interconnectivity, and the lack of effective privileged access management. The difficulty of managing privileged access exists at some level across every agency and every enterprise in every industry.
Here are four areas of risk that must be addressed within federal agencies and private organizations across the Defense Industrial Base, to stem the risk of ground stations being compromised and used by our adversaries to weaken our national security.
Maintaining security in the face of increased interconnectivity: Formerly air-gapped assets are connected to a network for myriad reasons. Enabling remote monitoring and management and streamlining data sharing are two compelling reasons to connect ground stations specifically. The downside is that the assets are then exposed to more avenues for potential ingress. A cyberattacker who gains access to a ground station with no monitoring or accountability would have a powerful foothold for internal reconnaissance and lateral movement as part of a broader campaign to maintain persistence inside critical infrastructure systems.
To address this challenge, companies should deploy solutions that enable just-enough, just-in-time access to be granted to any type of asset, while maintaining zero-trust principles such as least-privilege, and applying these policies to assets, applications and data. Increased interconnectivity may be urgently necessary to support the mission of modern public-private collaborations in space, but this connectivity must be secured using modern, zero-trust principles.
Challenges of privileged access for aging software and hardware: Many solutions for providing granular control of access privileges require the installation of an agent or client-side piece of software on any endpoint to be controlled. This is often not feasible in cases where the endpoint in question, such as a ground station, runs an older operating system that is not supported by modern software. This leads to the unfortunately common practice of sharing access credentials or granting open-ended privileged access to assets that are uncooperative with modern access management solutions.
To address this challenge, enterprises should leverage an overlay or gateway between users and sensitive assets. This overlay would allow modern security best practices such as multi-factor authentication to be applied to assets with no inherent capability to enforce such policies. Notably, this approach does not require the workstation to be replaced, extending the productive life cycle of the asset while also reducing costs.
Stopping “living off the land” attacks in ground stations: Living off the land techniques used by sophisticated cyber adversaries that are specifically targeting critical infrastructure depend heavily on legitimate credentials, applications and network traffic inside their target environments.
The widespread use of shared credentials with privileged access for assets such as ground stations makes them an appealing target for such adversaries. It’s in enterprises’ best interest to deploy a distributed password vault that stores usernames and passwords in a way that is vastly more difficult to compromise. In such a system, username and password information is stored in separate nodes across a distributed cybersecurity mesh that uses a cryptographic method called Shamir’s Secret Sharing to prevent theft and protect the integrity of credentials.
Shamir’s Secret Sharing breaks the critical information into pieces stored across multiple nodes. The nodes must all authorize access through a consensus process using a secure cryptographic algorithm. If one node is under attack, the others will prevent critical data from being accessed.
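The splitting and reconstruction that Shamir’s scheme provides, as an added example rather than code from the article or from Xage’s product: a constructed sample credential is encoded as a field element, split into five shares with a three-share threshold (the k-of-n threshold form is the standard definition of the scheme and is an assumption here; the article describes all nodes authorizing), and recovered from any three of them. The node consensus and authorization logic the article describes is not modelled.

```python
import secrets
from typing import List, Tuple

# Field modulus: Mersenne prime 2**521 - 1, large enough to share a 64-byte credential intact.
PRIME = 2**521 - 1
Share = Tuple[int, int]  # (x, f(x)) over the prime field

def _eval_poly(coeffs: List[int], x: int) -> int:
    """Evaluate f(x) = c0 + c1*x + ... mod PRIME by Horner's rule; c0 is the secret."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc

def split_secret(secret: int, threshold: int, num_shares: int) -> List[Share]:
    """Split secret into num_shares shares; any `threshold` of them recover it, fewer reveal nothing."""
    if not 1 <= threshold <= num_shares or not 0 <= secret < PRIME:
        raise ValueError("need 1 <= threshold <= num_shares and 0 <= secret < PRIME")
    # Random polynomial of degree threshold-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, num_shares + 1)]

def recover_secret(shares: List[Share]) -> int:
    """Lagrange-interpolate f(0) from shares with distinct x values."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    secret = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        # L_i(0) = prod (0 - xj)/(xi - xj); pow(den, -1, PRIME) is the modular inverse.
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret

def split_credential(password: str, threshold: int, num_shares: int) -> List[Share]:
    """Encode a constructed UTF-8 credential (at most 64 bytes) as an integer and share it."""
    raw = password.encode("utf-8")
    if len(raw) > 64:
        raise ValueError("credential too long for this field")
    return split_secret(int.from_bytes(raw, "big"), threshold, num_shares)

def recover_credential(shares: List[Share]) -> str:
    """Recover the credential string from a threshold-sized set of shares."""
    value = recover_secret(shares)
    return value.to_bytes((value.bit_length() + 7) // 8, "big").decode("utf-8")
```

Each node would hold one `(x, f(x))` pair; a single compromised node yields one point on a random polynomial, which constrains the secret not at all, while any three cooperating nodes reconstruct it exactly.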
Securing sensitive telemetry passing through ground stations: Satellites are fundamental to systems that affect everyone’s lives, from the Global Positioning System to imaging satellites used to inform real-time military operations in remote regions of the world. The premise of hybrid satellite networks is gaining momentum, in which privately owned and public satellites interoperate to transmit sensitive data rapidly from collection point to end user to drive critical decisions with human lives at stake. As this radical shift becomes reality, the challenge and the importance of securing that data in transit goes up.
Zero-trust data exchange across hybrid satellite architectures, delivered through a cybersecurity mesh, is key. It allows data to be transmitted directly from the sensor or payload that collects it across a cryptographically secured connection, with data integrity checks at every step and granular access permissions enforced at every access point.
The risks against ground stations are influenced by a broad range of technological and geopolitical factors. The challenges are real, but the stakes are high, and these risks are worth addressing with the most modern zero-trust security approaches available.
Matthew Heideman is President and General Manager at Xage Security Government, a wholly-owned affiliate of Xage Security dedicated to addressing the cyber protection needs of the federal government’s most critical missions, operations and assets. Prior to joining Xage in 2022, Matt led strategic partnerships and growth at D2iQ, where he expanded the company’s public sector business. Earlier, he spent more than eight years as a Department of Defense business sales and delivery executive at IBM, and also held positions at Deloitte, Lockheed Martin and TEKsystems.