New hot cybercrime territory
Space is literally and figuratively a vast field, with increasing commercial interests. Consequently, it is becoming a realm where cybercrime stretches out its tentacles. Take Starlink, for instance, the well-known satellite internet constellation operated by SpaceX. A Belgian researcher managed to hack Starlink with a €25 device, demonstrating that even companies investing heavily in cybersecurity and space have vulnerabilities that hackers can exploit. More recently, examples of cyberattacks in space include the hacking of an American satellite during the Ukrainian-Russian war, leaving around 40,000 users without internet.
Why cybersecurity in space is so important
Space assets are now considered critical infrastructure due to their indispensable role in supporting essential services like navigation (Galileo), communication (IRIS2), and secure government operations (GOVSATCOM), which underpin transportation, finance, national security, and other vital sectors. Their connection with terrestrial infrastructure means disruptions can have cascading effects, making their protection crucial for maintaining societal and economic stability in an increasingly space-dependent world.
As mentioned, space is no longer solely government territory. As technology evolves, there is a significant push towards the commercialisation of space. One example is interconnectivity with so-called 5G NTN (non-terrestrial networks) to provide 5G in remote areas. Part of the 5G framework will be implemented in space, opening the door to a wide array of cyberattacks and vulnerabilities. Commercial off-the-shelf (COTS) codes are widely used in commercial missions. However, these codes are not always developed with security in mind. Space is indeed very much the new playground for hackers and researchers, with many new vulnerabilities to exploit.
The space system architecture
A space system consists of four main segments: the space segment, the ground segment, the user segment, and the link segment. The space segment consists of satellites, each with its onboard systems, called payloads.
The ground segment includes control centres that operate and control the satellites. It also contains antennas as well as uplink and downlink communication stations, which require significant data processing and storage.
The user segment comprises us, the users, as well as all the apps and services we utilise. User terminals and small antennas are also part of this segment.
Finally, the link segment involves communication between the space segment, ground segment, and user segment, including downlink, uplink, telecommand, and telemetry data.
This setup opens the door to many types of attacks, from malicious satellites pretending to be legitimate to compromised ground stations pushing malicious updates and malicious users intercepting signals with software-defined radios.
Attacks in space
The evolving threat landscape in space presents significant challenges to satellite security. All the mentioned segments are vulnerable to cyber and physical attacks, endangering global communications, navigation, and defence systems. As reliance on space technology grows, so does the risk of sophisticated and disruptive threats.
In the space segment, threats include satellite hijacking, signal spoofing, malware infiltration, and orbital debris causing physical or cyber disruption. The ground segment, encompassing mission control, is vulnerable to cyber and physical threats, including unauthorized infiltration via hacking, insiders leaking sensitive data, outdated software being exploited, and even physical attacks.
In the user segment, devices and communication links present significant vulnerabilities. Malware-infected mobile or IoT devices can be exploited as entry points for cyberattacks, while GPS spoofing manipulates location data for fraud. Hackers can intercept user communications as well. Finally, the link segment is also at risk, with jamming attacks disrupting signals and man-in-the-middle attacks altering transmissions. Data injection threats compromise satellite operations, and weak encryption leaves signals exposed.
Defending space systems
With so many threats out there, is it possible to defend our space systems? The cybersecurity space community is working on initiatives, frameworks, and standards. For example, the SPACE-SHIELD framework, led by the European Space Agency, focuses on the space and link segments and is used to build various attack scenarios and present defensive measures. Another framework, SPARTA, focuses more on commercial aspects and covers the ground segment.
Standards like the European Cooperation for Space Standardization (ECSS) and the Consultative Committee for Space Data Systems (CCSDS) provide guidelines for implementing security throughout the life cycles of space projects. Other organisations like the German BSI and NIST also offer valuable reports and standards, and recently, the ISO/TS 20517:2024 standard on cybersecurity management for space systems was introduced.
It is clear that we need a secure-by-design approach to space systems, embedding cybersecurity in all phases of a space project, from development to decommissioning. This includes threat modelling, risk assessment, multiple layers of security, and monitoring the supply chain to prevent compromises. Secure-by-design principles are critically important for space systems due to the unique challenges they face. Space programmes take a very long time to develop, so engineers must think far ahead. Unlike terrestrial systems, space assets are often physically inaccessible for maintenance or patching after launch. This means that vulnerabilities present at deployment can persist indefinitely.
Space is not just about exploration, and with increasing commercialisation, it needs to remain a domain of safety and international collaboration. Cybersecurity is therefore a fast-evolving field in space, and all actors need to work together towards a more cyber-secure space. There are frameworks and standards, but they need to be implemented, and custom solutions for our space missions need to be developed.
