Flying too close to the Sun: Cyber Vulnerabilities in our Space Infrastructure

Conor McMahon

3 min read

When I used to think about danger in space, I used to picture the most dramatic risks: explosive rocket failures, asteroid strikes, and astronauts getting stuck on a space station with no way home. But recent news has revealed a more insidious threat, with consequences on Earth as well as in the skies. Satellite systems underpin much of modern life, from navigation and financial transactions to critical national security functions. Any disruption of these systems would be costly. Therefore, it’s concerning that malicious actors have been caught testing GPS jamming over Europe, with experts believing that “reception of signals across very wide areas of the globe” can be prevented “at will”. It’s not only GPS that is at risk – space companies themselves are reporting a recent upsurge of attempted cyberattacks targeting their employees, customers and suppliers. In addition, the advent of quantum computing is threatening to break the fundamental algorithms satellites use to encrypt information, which experts predict could happen within the next ten years. Considering the valuable and sensitive data transmitted, decryption of these channels is an understandably attractive target for malicious actors.

The landscape is becoming more challenging, too. Satellite computing systems are more complex, orbital space is congested with systems operating under different protocols, and competition is pushing tech companies to prioritise rapid development strategies. Cybersecurity experts recognise these risks and are working to mitigate them. In this article, we explore some key areas of cyber risk in the space industry, and look at what space companies can do to protect themselves.

Supply Chain Risk

Space companies realise that even if they secure their own systems, they rely on sourcing components from their suppliers and supplying to their customers. The news of a recent upsurge in cyberattacks demonstrates that the whole supply chain is at risk from cyberattacks. The supply chain is only as strong as its weakest link. Moreover, space industry supply chains can be fragile because each component in a spacecraft requires stringent certification and quality assurance at each stage. There is often only a small group of suppliers who can make a certain space-worthy component. A malicious actor could disrupt a region’s space industry with a small, targeted attack on a key supplier. High complexity and testing requirements mean that if design files were destroyed it could take years to recreate a component, conduct testing and certification, and restart production. Manufacturers with highly interconnected or fragile supply chains must manage these risks. As an example, Airbus generally requires key suppliers to pass a cybersecurity assessment as part of a tender, with ongoing audits of compliance.

Post-Quantum Cryptography

Another emerging challenge is quantum computing. While large-scale quantum systems are not yet capable of breaking current encryption methods, there is a growing expectation that this will change within the next ten years. Satellites being designed now may be several years from launch, with many expected to have multi-year operational lifetimes – increasingly so with in orbit servicing. If those systems use traditional encryption methods to communicate sensitive information, malicious actors may be able to intercept the data and store it, only decrypting it later (known as “harvest now, decrypt later”). This vulnerability can be mitigated through “post-quantum cryptography”, which has been developed to be safe from quantum decoding. Although these protocols require higher computing power, increasing the weight of a satellite, that may be a necessity for security. Planning for the post-quantum world, and re-assessing the weaknesses of both current and planned satellite communications, is an important element of cybersecurity in satellite communications systems.

Direct Threats to Satellites

There are also natural dangers posed to technology in space. Coronal mass ejections send bursts of radiation and plasma towards Earth during solar storms. Satellites are exposed and vulnerable, being less well protected by the Earth’s magnetic field and atmosphere. The radiation and plasma can permanently damage satellite hardware, which could lead to a communications or surveillance blackout. Even worse, corruption of the navigation system or increase in atmospheric drag caused by a solar storm could lead to a collision. To mitigate the risks from both human and natural sources, space engineers are designing systems to survive damage and sabotage. Redundancy is being added to communication networks, allowing them to route around compromised satellites, and individual operating systems use algorithms to detect loss of data and failure of physical components. Technology which can forecast solar storms is also improving: AI models have recently surpassed the prediction accuracy of previous methods, and the SOLAR-1 Observatory, the first American satellite designed exclusively for space weather observations, is now fully operational. Prediction of solar storms allows satellite providers to protect sensitive systems by temporarily shutting them down, or to pre-emptively raise altitudes to overcome an increase in atmospheric drag.

Conclusion

Infrastructure systems in space are exposed to both deliberate cyber threats and natural hazards. A substantial and growing reliance on satellite technology increases the consequences of disruption. With these issues recognised, they can be mitigated through cautious planning. The fragility of supply chains means that a single point of failure can have wide-reaching effects, and so companies are focusing on improving their supply chain resilience. The commercial expansion of space tech surely increases competition and supply chain resilience. Quantum technology will force providers to implement post-quantum cryptography to maintain long-term data security. At the same time, communication networks are being built with increasing resilience to hardware failure or dropout. Overall, effective protection of space infrastructure requires a system-wide approach to manage vulnerabilities in design, supply chain, and operation.

News, insights, and features

Stay up to date with our latest thinking.