From Sputnik To CubeSats: The Evolution Of Satellite Technology And Cybersecurity Challenges
By John Oncea, Editor
As more satellites are put into orbit the chances of a hacker gaining control of one rises as well. What is being done to keep the over 10,000 satellites circling the Earth out of the hands of cyberterrorists?
Imagine it’s Friday, October 4, 1957, and you’re Dr. John P. Hagen, an expert in microwave electronics, radar, radio astronomy, and rocketry and, as of 1955, director of the Vanguard Earth satellite program. You arrive early to a reception at the Soviet Union's Embassy in Washington, D.C. hoping to talk to a few Soviet scientists you have become friends with after years of association in international scientific organizations.
It had been a difficult week already and you were expecting nothing more of the reception than the opportunity to mingle with other national security intelligence members and engage in petty games of one-upmanship with the Soviets. It would be a welcome end to a stressful week attending Comité Speciale de l'Année Geophysique Internationale (CSAGI), a 6-day conference on rocket and satellite research for the International Geophysical Year held at the National Academy of Sciences.
You begin to grow concerned when the Soviets intimate they could probably launch their scientific satellite within weeks instead of months, as the public schedule said. You slowly begin to realize that Sergei M. Poloskov’s offhand remark on the conference’s first day that the Soviet Union was “on the eve of the first artificial earth satellite” was more than boastful, alliterative rhetoric. At the same time, you wonder what a surprise Soviet launch would mean for your Vanguard program and the U.S. in general.
Your concerns are confirmed when, a little before 6 p.m., New York Times reporter Walter Sullivan receives a call from his Washington bureau chief informing him that the Soviet news agency Tass had just announced the launch of Sputnik 1, the world's first Earth-orbiting artificial satellite.
“When he returned to the party Sullivan sought out Richard Porter, a member of the American IGY committee, and whispered, ‘It’s up,’” writes NASA. “Porter’s ruddy face flushed even more as he heard this news, although he too suspected Sputnik’s imminent launch, and he glided through the gaggles of scientists, politicians, journalists, straphangers, and spies in search of Lloyd Berkner, the official American delegate to CSAGI.”
Berkner, upon learning the news, asked for silence and told the reception attendees, “I wish to make an announcement. I’ve just been informed by the New York Times that a Russian satellite is in orbit at an elevation of 900 kilometers. I wish to congratulate our Soviet colleagues on their achievement.”
With that, your face turns pale. The Russians had beaten the Vanguard satellite into space and, as NASA writes, “With the launch of Sputnik 1, the Space Age had been born and the world would be different ever after.”
Within a year of the launch of Sputnik 1, “President Dwight Eisenhower created the National Aeronautics and Space Administration (NASA),” writes National Geographic. “This competition in technological development would lead to the Moon landing, space shuttle, and International Space Station, which still orbits Earth today.”
LEO, MEO, And GEO
While Sputnik was the first satellite, it certainly wasn’t the last. More than 16,000 satellites have been launched since that fateful October day in 1957 and SpaceX alone is aiming to send 42,000 more into orbit over the next 20 years.
According to Orbiting Now, there are 10,247 satellites and other objects orbiting Earth as of July 31, 2024. This includes 8,000 in Low Earth Orbit (LEO), 210 in Medium Earth Orbit (MEO), and 545 in Geostationary Orbit (GEO).
“Low orbits are easier to reach and have certain advantages for small satellites,” writes Kongsberg. “Radio signals take much less time to reach LEO than GEO. As a result, low-orbiting communications satellites can deliver higher-quality internet service. Being closer to Earth also lets satellites communicate with Industrial Internet of Things (IoT) devices despite these devices’ low-power radios.”
The most common primary missions of these various satellites are communications, Earth observation, technology development, navigation, and space science. “Except for navigation,” Kongsberg writes, “these missions are increasingly performed by small satellites. For example, 80% of communications satellites and 79% of technology development satellites have launch masses below 300 kg.”
The rise of small satellites is a recent trend. In the 1990s only 34% of the satellites launched were of this type while during the 2020s small satellites accounted for 94% of launches. In fact, 72% of active satellites fall into the small category, including:
- 2,379 super-microsatellites
- 331 microsatellites
- 790 nanosatellites
Unlike the thousands of satellites in orbit today, Sputnik 1 was launched during a time when hacking didn’t exist in the modern sense of the term. But today, hacking – the unauthorized access to computer systems – is a real threat to satellites.
Just how much of a threat and what can be done to counter it? Let’s find out.
A Brief History Of Satellite Hacking
The history of satellite hacking dates back several decades and has evolved alongside the growing intricacies of satellite technology. Here are some key events and developments in satellite hacking, thanks to The Conversation:
- 1998 ROSAT Incident: One of the earliest reported cases involved the U.S.-German ROSAT X-ray satellite. Hackers allegedly gained control of the satellite by breaching computers at NASA's Goddard Space Flight Center. They instructed the satellite to aim its solar panels directly at the sun, damaging its batteries and rendering it useless.
- 1999 SkyNet Ransom: Hackers took control of the UK’s SkyNet satellites and held them for ransom.
- 2008 NASA Satellite Takeover: Hackers, possibly from China, reportedly gained full control of two NASA satellites for brief periods – one for about two minutes and another for about nine minutes.
- 2018 Chinese Hacking Campaign: A group of Chinese state-backed hackers allegedly launched a sophisticated campaign targeting satellite operators and defense contractors.
- Iranian Hacking Attempts: Iranian hacking groups also have been reported to attempt similar attacks on satellite systems.
More recently, according to Scientific American, was the “2022 Viasat KA-SAT attack, attributed to Russian state actors, (which) overpowered the satellite’s communication protocols. This led to widespread internet outages and disruptions in remote sensing services across Ukraine and other parts of Europe that affected more than 9,000 subscribers in France and roughly 13,000 subscribers in other European countries and resulted in a major German energy company losing remote access to more than 5,800 wind turbines. The incident prompted an international call from the European Parliament for stronger cybersecurity measures in space technology, emphasizing the need for enhanced cyber-resilience in response to the challenges observed during the Russian invasion of Ukraine.”
Several factors contribute to the vulnerability of satellites, including the use of off-the-shelf technology in satellite construction, especially for small CubeSats, which can be more easily exploited. Other factors are:
- Lack of cybersecurity standards and regulations for commercial satellites.
- Complex supply chains and multiple stakeholders involved in satellite management, leading to unclear responsibility for cybersecurity.
- Pressure on companies to cut costs and speed up development, potentially at the expense of robust security measures.
The potential consequences of satellite hacking have become increasingly severe over time. Hackers could potentially shut down satellites, denying access to their services. They also can jam or spoof satellite signals, disrupting critical infrastructure like electric grids, water networks, and transportation systems, as well as take control of steerable satellites, potentially causing collisions with other space objects.
As satellite technology continues to advance and more satellites are launched, the importance of addressing cybersecurity in space has become a critical concern for both government and commercial entities.
Legislating Satellite Security
Scientific American writes, “The vulnerability of satellite systems to cyberattacks is no longer theoretical.” Adding, “We need immediate, fortified satellite cybersecurity – not as a distant aspiration but as an urgent imperative right now. This is not a call for vague future planning but a demand for decisive action now to avert an all-too-likely scenario where critical services are incapacitated with far-reaching and devastating consequences.”
Regulation, according to The Conversation, will be a big part of securing satellites. It writes, “Some analysts have begun to advocate for strong government involvement in the development and regulation of cybersecurity standards for satellites and other space assets. Congress could work to adopt a comprehensive regulatory framework for the commercial space sector. For instance, they could pass legislation that requires satellite manufacturers to develop a common cybersecurity architecture.”
In addition, it should be mandated that all satellite cyber breaches get reported, and exactly which space-based assets are deemed critical should be identified to prioritize cybersecurity efforts. “Clear legal guidance on who bears responsibility for cyberattacks on satellites also will go a long way to ensuring that the responsible parties take the necessary measures to secure these systems,” The Conversation adds.
The traditionally slow pace of congressional action suggests that a multi-stakeholder approach involving public-private cooperation may be needed to ensure cybersecurity standards. Whatever the final plan ends up being, governments and industry must act now because every successful hack of a commercial satellite is a threat to all of the people of Earth and all of the other satellites in orbit.
Industry Needs To Step Up
Given the slow pace at which governments move, satellite designers, engineers, and operators most likely will need to take action to defend against the threat of cyberattacks, writes Emerson. Those actions include:
- Supply Chain Security: Satellites are made up of many parts that could be tampered with by adversaries if they gain physical access before installation. Manufacturers must be aware of supply chain risks and enforce strict security protocols with vendors.
- Ground-Based Testing: Testing processes designed to mimic hacking attempts allow developers to identify vulnerabilities and enhance resilience before deployment.
- Encrypted Communications: Advanced encryption is crucial to protect against satellite cyberattacks by ensuring that unauthorized parties cannot decipher communications between the satellite and ground stations.
- Cyber security Software: Satellite systems can be protected from threats by onboard cybersecurity programs with software updates available even after launch. Artificial intelligence (AI) and machine learning (ML) play a significant role in analyzing data from sensors to detect potential threats.
- Redundancy: Satellite systems can be designed to operate even when partially impaired, providing a last line of defense if compromised.
Quantum communication and Satellite Link Emulation are two other strategies to employ in the effort to keep hackers away from satellites.
“Quantum key distribution (QKD) uses the principles of quantum mechanics to ensure secure communication by creating an encryption key that is effectively impossible to decipher by outsiders,” Emerson writes. “This technology is currently being tested in several pilot projects around the world and promises to provide a new level of security for satellite communications.”
The promise of quantum satellite communications is exciting but there are significant challenges. These include miniaturizing quantum technology for satellites, maintaining signal integrity over long distances, and establishing global communication standards. Overcoming these hurdles could lead to widespread adoption of quantum communications, fundamentally transforming security for satellite and global communications.
Satellite Link Emulation, on the other hand, is already in use in satellite development. To model and evaluate system performance, engineers designing these systems must replicate real-life conditions using third-party simulation software and real-time hardware-in-the-loop testing. This involves emulating satellite orbit, payload characteristics, and utilizing the NI satellite link emulation IP to combine signals and add noise and carrier wave interference.
This test helps evaluate satellite hacking security measures by simulating complex space environments before launch. It's a cost-effective solution to reduce satellite failure risks and allows engineers to assess system performance under different channel emulator parameters like Doppler, delay, losses, impairments, and interference. This process helps validate next-generation satellite datalinks, speeding up satellite integration and service entry.
“By integrating with most commercially available third-party or customer software, it provides scenario generation and orbital simulation,” writes Emerson. “This comprehensive testing and validation process helps in enhancing the security measures against potential satellite hacking attempts.”