
By Sean McClinton
Space has become increasingly contested over the past several years as world powers seek to stake their claim in Earth orbit and beyond. Space is also playing an increasing role in global theater, as evidenced by the conflict in Ukraine. In this new battleground, and in the commercial arena, data from space remains king. Protecting that data is therefore crucial to both government and commercial satellite operators. Cybersecurity of ground station systems is the first line of defense in protecting that data against bad actors like nation states and criminal entities. Both telemetry, tracking and command (TT&C) traffic and data downlink are of primary concern. TT&C concerns center on command and control of the spacecraft, while data downlink concerns relate to someone listening in on, or changing, what ultimately reaches the end user.
With the increase in the number of small satellites in low Earth orbit, and the global network of ground stations needed to move data between low Earth orbit and end users with low latency, the attack surface for cyberattacks has grown significantly. Large cloud providers are providing increased capacity and capability to satellite and ground operators to meet demand. This requires satellite operators to understand how to use and protect those new capabilities. One capability the cloud providers offer is monitoring and anomaly detection for nefarious activities. End-to-end encryption is critical as the data moves along its path from the provider to the end user.
At RBC Signals, we take cybersecurity very seriously, as should all providers of ground systems for government and commercial customers. The first step in a good cybersecurity strategy is having a risk management framework (RMF) to determine what assets are most attractive to adversaries and how they should be protected. This means taking into account physical and virtual assets and the cost associated with the bad guys getting access to those assets. What data do you have in transit (e.g. command and control communications, earth observation data being transferred, live monitoring information) and what data do you have at rest (e.g. databases with satellite information, data being stored, secure APIs)? How is this data encrypted and securely stored, and how are your encryption keys managed?
Fortunately, there are standards that can be followed that provide a roadmap to a base secure environment. The current framework for cybersecurity comes from the National Institute of Standards and Technology (NIST), specifically listed in NIST 800-171. The Cybersecurity Maturity Model Certification (CMMC), which provides third-party attestation of compliance, defines different levels of security maturity. Cybersecurity maturity levels range from 1 through 5, with 3 being the base desired level and 5 being the most rigorous. Another approach to cybersecurity, and one that is followed at RBC Signals, is Zero Trust. We think everyone in the space communications industry should also be adopting Zero Trust models. The assumption with Zero Trust is that the bad guys are already inside your network. Instead of just focusing on the firewall, one should adopt highly segmented systems. Segmentation controls authorization and access within each subsystem, thereby restricting who you are providing access to.
We believe the entire space industry must evolve to meet modern and future cybersecurity threats, so that the valuable data generated in space continues to be used for its intended purpose and not for any unintended purposes. While the frameworks listed above provide current guidance on cybersecurity, it's important to monitor for any recommended changes on a regular basis. Security operations should be a continuous effort, since threat actors release new attack tools on a daily basis. Using a risk model to assess the strength of existing controls against these evolving threats can address most potential security vulnerabilities. In the event that a security breach does occur, having established procedures to respond rapidly and effectively is critical. The weakest link in cybersecurity is the human being, which means training your personnel to identify the different scams is another important piece of the puzzle.
We are entering a brave new frontier, and as with any new frontier, steps need to be taken to secure our collective futures. Remember, security is a lifestyle, not a point-in-time feature.
