Hijacked spacecraft, hacked life support systems: the cyber risks of space

Space systems don't just face the usual cyber threats – they have some unique and bizarre threats of their own.

From space pirates to deepfake alien messages, cyber threats are the biggest risk to space operations, say researchers at California Polytechnic State University – and they're warning of more than four million potential threats.

With official attention mainly focused on the dangers of space debris and kinetic conflicts in orbit, they say there's a danger that governments and other space organizations could be caught on the wrong foot.

"A failure to imagine novel scenarios is a major risk in being taken by surprise and severely harmed by threat actors who are constantly devising new ways, inventive and resourceful ways, to breach the digital systems that control our wired world," explains the report.

"To stay vigilant, defenders likewise need to be imaginative to keep up in this adversarial dance between hunter and prey in cybersecurity."

The range of potential threats

The Cal Poly researchers have certainly given defenders food for thought, coming up with a 'scenario-prompt generator' called the ICARUS matrix, which is based on possible threat actors or agents, their motivations and methods, potential victims or stakeholders, and the particular damage intended.

Of the millions of possibilities it can generate, the report focuses on just 42.

These include all the more predictable cybersecurity risks, such as insider threats, AI vulnerabilities, false-flag attacks, communications jamming, and ransomware during a launch.

Some of these have already happened.

The world’s first space cyberattack is generally accepted as the jamming of HBO’s satellite TV services in 1986 by a satellite operations engineer known as Captain Midnight, who wanted to protest the company's charges.

In 1999, a 15-year-old hacker stole from NASA servers the source code that controlled the physical environment of the International Space Station (ISS); and in 2007 and 2008, NASA satellites were hacked, with the attackers taking control of the Landsat-7 and Terra AM-1 satellites for several minutes.

In 2022, on the day Russia invaded Ukraine, Russia was blamed for 'bricking' Viasat modems with malware, blocking access to satellite internet services to disrupt information and coordination efforts.

However, some of Cal Poly's scenarios are rather more novel. 3D printers could be hacked to create built-to-fail parts; rockets—or even asteroids—could be hijacked and directed at targets on the ground; and light from the sun could be concentrated and focused as a weapon.

Meanwhile, evidence of extraterrestrial life, including messages purporting to come from aliens, could be faked, potentially causing panic and conflict.

Space pirates could also emerge

"In the distant future, with bases and settlements on other planets, pirates could sever communications and misdirect supply transports for their own gain," the team suggests.

"Further, unscrupulous space barons aiming to establish their own autonomous empires, similar to seasteading, could hire mercenaries to defend their claims in space, as well as attack and disrupt the operations of their competitors, by both physical and cyber means."

Meanwhile, they say, the well-publicized cyber risks to smart homes could take on a whole new dimension in the context of off-planet settlements.

"Consider a distributed denial-of-service attack that disables, say, electronic door locks across a space settlement, similar to how DDoS attacks can crash websites as well as physical systems, such as Internet of Things or connected devices," they write.

"Some settlers are locked out (which could be fatal given the freezing nightfall), others are locked in, and movement around the settlement has been halted. Attacks on other systems, such as for life support, could cause harm more directly."

NASA and ESA respond to potential threats

In the last six months, both NASA and ESA have updated their cybersecurity policies.

ESA highlights the risk of rogue states using a compromised ground station—or, indeed, their own facilities—to interfere with a satellite’s command-and-control communications and intercept valuable information.

Much like the Cal Poly researchers, it points out that such states could use lasers to blind a satellite from the ground.

Meanwhile, terrorist groups could use satellite jammers to interfere with a satellite’s signal, send spoof signals, eavesdrop, or place malware in satellites themselves.

NASA's new policy, too, warns that threat actors could exploit a mission's ground systems to tamper with a spacecraft's systems, and of the dangers of communications jamming and spoofing.

It calls for a continuous process of mission security risk analysis and risk response while also advising organizations to apply the principles of domain separation and least privilege designs to help avoid supply chain attacks.

There was no word about the more out-there cybersecurity risks suggested by the Cal Poly report—and with four million of them, that's hardly a surprise. The report could make an excellent resource for one group of people—it could keep Hollywood scriptwriters going for years.