US ramps up space cyber defenses eyeing private businesses

The National Institute of Standards and Technology (NIST) adopted the Cybersecurity Framework for the space sector. Experts want to see more scrutiny on space-based software and firmware.

The newly released NIST report provides guidelines on applying the Cybersecurity Framework to space operations, particularly focusing on the satellite command and control (C2) segment or ground stations.

Ang Cui, cybersecurity expert and founder of the cybersecurity firm Red Balloon Security, welcomed the introduction of the guidance, calling it a “very important initial step” in increasing the space sector’s resilience to cyber threats.

“Private satellite systems pose significant risks to US adversaries and can also serve the needs of criminal organizations. This makes them an important target.”

Cui said.

“Ground-based satellite components can be susceptible to a wide range of malicious attacks which could lead to service disruptions, espionage, manipulated data, and even physical damage,” Cui told Cybernews.

According to him, the commercial space industry ought to recognize the volume of threats it faces. Last year, both Russia and China expressed concerns over US space-based businesses, with a particular focus on Starlink.

“Private satellite systems pose significant risks to US adversaries and can also serve the needs of criminal organizations. This makes them an important target,” Cui said.

Even though NIST’s guidance is a good first step, it’s only the beginning, Cui thinks. Satellite communications providers should undergo security reviews and testing of all devices, hardware, firmware, and software, including organizations in the supply chain.

“We need greater scrutiny of the software and firmware supply chain, in particular, to ensure better security throughout the satellite ecosystem,” Cui said.

What’s in the framework?

US authorities' increasing attention to securing satellite infrastructure does not come as a surprise, as 2022 brought cyberattacks on ground segments of space-based companies such as Viasat and Starlink.

“Space is an increasingly important element of the Nation’s critical infrastructure. A loss or degradation of space services could significantly impact the security and economic well-being of the United States,” reads the report.

NIST’s Cybersecurity Framework, a set of guidelines, practices, and standards for safeguarding critical infrastructure, has been used by terrestrial organizations since 2014.

Starlink mobile
Image by Shutterstock.

Creating a separate profile for space fairing companies signals the US views private space as an integral part of its space-based infrastructure. The report outright says that US national space capabilities could be augmented with private businesses.

“To protect this sector, the NIST has developed this Profile under the Cybersecurity Framework to assist the operators of the commercial ground segment of the space sector in providing cybersecurity for their systems,” reads the report.

NIST specifically focused on providing guidelines for the ground segment of space operations, adding that it may be impractical to implement some of the security measures on satellites since spacecraft are severely limited by their size, weight, and power constraints.

However, attacks on ground stations are the most likely, since attackers are more familiar with the tools used there.

According to Isaac Ben Israel, chairman of the Israeli Space Agency (ISA), the ground stations that a threat actor may attack to influence the satellite in space are using the same computers, software, and hardware as anyone else.

The easiest way to target a satellite would be to try intercepting systems that use, transmit, and control data flow.

For example, a report from Russian scientists published last year expressly points to Starlink’s ground stations as the weakest link in the whole infrastructure of the constellation.