As satellite operators move ground control services to the cloud, scientists are trying to anticipate how space weather could affect the future deployment of data centers outside Earth.
The pace of space commercialization has been accelerating for several years now. According to data gathered by the Union of Concerned Scientists, an MIT-based non-profit organization, 699 satellites were launched into space in the first four months of this year, more than in 2017 and 2018 combined.
The uptick is mainly driven by private space companies such as SpaceX. Elon Musk's venture alone runs over a third of all operational satellites currently in orbit and is promising to launch another 42,000 over the next decade. This commercialization of space has ended the government monopoly and created a demand for businesses servicing the newly launched space assets.
According to Paul Coggin, a cybersecurity expert and scientist, his peers all over the world should be taking note, as space is the new frontier for innovation. For example, tech giants such as Amazon, Microsoft, and Google have started offering cloud-based ground control services for companies with assets in orbit.
"From a cybersecurity professional standpoint, it's fascinating that data centers that we used to have here on Earth are now moving to space,"Paul Coggin, a cybersecurity expert and scientist, said.
"From a cybersecurity professional standpoint, it's fascinating that data centers that we used to have here on Earth are now moving to space. There are companies that are planning to launch satellites and provide cloud-based services up in space now," Coggin said at the SEC-T - 0x0EXPAND conference in Stockholm.
Coggin claims that the transition will raise many questions, such as how security experts will do incident forensics and response when some of the affected assets are not on this planet. However, solving these problems will create new industries, equipped to help satellite operators secure their devices.
Space vs security
Transition to the cloud has been a security issue here on Earth, and space is hardly any different. However, securing devices off-planet has its challenges. For one, communication with space assets can only be carried out via signals. Though old-school radio frequency-based comms are gradually being replaced with laser-based technology, problems remain.
For example, space weather – an ionized particle stream emitted by the Sun – prevents satellite operators from encrypting data that's being transmitted. According to Coggin, encryption in space would require additional gear aboard the satellites, ballooning the price of the spacecraft and the services it provides.
"The solution to securing satellites is radiation hardening to protect from the ions. But that drives up the cost. Encryption is heavily recommended, and everyone talks about it. But unless it's a very sensitive network satellite, most likely it is not being encrypted," Coggin explained.
According to Coggin, threat actors are well aware of the lack of encryption and have used this vulnerability to their benefit. For example, in the mid-90s Brazil-based hackers infiltrated a satellite owned by the US Navy and used the device for personal communication. Even though satellite operators were aware of this, there was little they could do, as rewiring an in-orbit device is a monumental task even for a resource-rich US military.
Moreover, making arrests did not decisively solve the problem, as the vulnerability exploited by the malicious hackers remained unpatched.
"The authorities finally got 39 people across six states in Brazil arrested, but by that time new people started using the satellite because it was still open," Coggin explained.
One way to prevent outsiders exploiting a device that a company has spent a small fortune developing and maintaining off-planet is to change the whole architecture. According to Coggin, software-defined satellites are an emerging design that will allow device configurations to be changed even after they have been launched into space.
However, to secure satellites and the communication signals they transfer, future developers will have to find a more unified approach to how satellite software works. For example, current in-orbit devices run on dozens of operating systems, and numerous protocols control them.
While the multitude of software used to operate spacecraft makes it much harder to hack them without expert knowledge, it also makes detecting potential threats a nightmare.
"If we want to start doing space threat-hunting, there's a whole lot of operating systems and protocols and command languages that we're going to have to get tooled up for, depending on what our domain of responsibility is," Coggin said.
Interestingly, technologies with cloud-based architecture are deployed to help satellite operators increase security. Companies send software-defined satellites that can run container-based virtual machines (VM) in space. This technique could eliminate an insecure container without affecting the satellite.
"If you discover there might have been a security breach, maybe you could go and pull back an old version of that container, put it back in operation, and take the suspect container out," Coggin said.
More from Cybernews:
Subscribe to our newsletter