Securing low Earth orbit represents the new space race

A piggyback into low Earth orbit

BAE Systems itself has had products and services in and around space for a number of decades already, providing radios for clients including the European Space Agency, as well as for deep space missions.

Nish explains that it has also sought to capitalise on the future scope of space as a new information arena, with a particular focus on low Earth orbit.

“As part of this effort, though, we’ve made sure we’re part of the security conversation, because space as an attack surface is fundamentally different to what it was previously,” he says.

“If you think about a geostationary satellite, they are very much bespoke systems designed for long-life endurance in harsh environments.

“Conversely, for low Earth orbit and nanosatellites, you can build them using more commercially available technologies. The good news is that it makes them easier to develop and manage. But it makes it easier for attackers who also know what they’re doing with these systems too.”

In this sense, there isn’t a whole lot of difference in terms of the attack surface between on-the-ground platforms and the landscape envisaged slightly further up.

That attack surface, rather, comprises not just the physical satellite, but also a ground station that effectively controls the satellite. Joining the party also are a host of receivers that then pick up information from the satellites and aid communications.

The upshot being, an attacker doesn’t have to hit the satellite to hit the satellite.

Nish continues: “The ground stations, in particular, are interesting targets as they are pretty much the same as enterprise networks. There are people sat on desktops or laptops feeding into the network. It just so happens that, at some point, that enterprise network will allow a connection up to an operating system in low Earth orbit, which might also be as familiar as a Linux system.”

If a threat actor can gain access to said laptop or desktop, then the potential to piggyback on whatever is being fed up to that operating system becomes a very real possibility.

“Once you’ve got that right, and are being delivered to an equally recognisable system, you then have potential access to peripherals in the form of cameras, motion sensors, commands – the spacecraft, essentially. Malicious things can easily follow.”

A variety of impacts

For anyone in any doubt of whether this likelihood of attack – and race – is already underway, criminal activity may be sparse so far, but certainly not insignificant.

In spring 2022, global communications company Viasat experienced an outage across Europe, at almost the exact time that Russian troops entered Ukraine. As well as being a commercial broadband provider, Viasat is also used by the Ukrainian military. On closer inspection, the main damage seemed to be collateral across the continent, as a result of a misconfiguration sent down to modems.

However, upon even closer testing of the memory chips from these modems, it was revealed that they had been essentially wiped out, akin to wiping the operating system from a PC. The EU, UK and US have all since concurred that the attack originated from Russia’s GRU, which gained access to the internal management system through a misconfiguration, developed malware to deploy across the network to wipe the modems, and pushed that malware through on the day of the invasion. It wasn’t the satellite itself that was being targeted – it was merely a portal to impact connections and operations on the ground.

“This really demonstrates the lure of satellite attacks – it’s the variety of impacts, and disruption on offer,” Nish notes. “Yes, the majority of attackers are likely to be motivated by money, with space just another frontier to enact ransomware attacks on manufacturers, law firms, finance companies, etc.

“State actors, meanwhile, absolutely need to be factored in as well. They’ll be after what they always have been – political, military or commercial insight; to misdirect; to attain data; to disrupt or destruct; to gain intelligence; and to simply see what another country is seeing as silently and covertly as possible.”

Securing the entire bubble

This is why a united, collaborative defence must be established between public entities and private players.

BAE Systems is already part of the Space Security Information Exchange (SSIE) – a by-invitation group backed by the Centre for the Protection of National Infrastructure (CPNI) and the National Cyber Security Centre (NCSC) – of which Neil Sherwin-Peddie is currently chair. He is also head of space security at BAE Systems Digital Intelligence, and is hugely motivated to mobilise stakeholders in this race’s early stages.

He says: “UK agencies are already coming together to gain better visibility across multiple platforms and from multiple perspectives. As well as BAE Systems, the UK Space Agency and the European Space Agency, other big private players such as Airbus are also involved in the conversation, while the role of smaller businesses and even startups can’t be overlooked. Security is the main part of this conversation between us all, addressing policy, process and procedure to make sure we’re working in one common direction.

“At the moment, there isn’t a user manual or guidebook to follow to secure platforms, so it really is a case of addressing the entire infrastructure as a complete function.”

Ground stations are key to this effort, as the receptor of information being transmitted down from satellites, but also as the controls to guide periphery tech in space such as radios, sensors and communications tools.

“As a starting point, this lays the foundations for mass management of the large, overall infrastructure, and security of the total enterprise,” Sherwin-Peddie adds. “We can’t just look at ground stations though, or user terminals, or the spacecraft; it’s about securing the entire supply chain, knowing that if one element becomes weak or vulnerable, then the whole network has assurances in place to mitigate that.”

First isn’t always best

Sherwin-Peddie notes the level of urgency in this development conversation across numerous public and private parties. And, to that end, he agrees that we are in something of a race; if only against time at this stage.

It’s an assertion that Nish agrees with, circling back to the comparisons with cloud’s rise to prominence.

“For years, we presumed and predicted that cloud would be the next big thing for attackers to target. How could it not be, considering what it was designed for? But then nothing really happened for a long time. Then…SolarWinds.

“Suddenly, those initial predictions became true, all because adoption had reached a scale that became too attractive to ignore. Attackers had spent the time up to that point learning how best to exploit the cloud, what the gains would be, what data they’d be accessing if successful, all so they could strike when the iron was hotter.”

In this analogy, space is an iron that is warming up at considerable pace.

Nish affirms: “As [low orbit] becomes more utilised, more relied on, more essential, the attacks will come. Simply, the race for us is getting ahead of that inevitability and establishing resilience ahead of time.”

It shouldn’t be forgotten that space still represents a technical step change from what both developers and attackers will have experienced before, despite the growing familiarities and lowering barriers to launch.

From both a hardware and software perspective, the level of cutting-edge solutions set to be deployed in this realm presents a huge opportunity to slow down would-be exploiters and achieve an initial level of resilience that ensures a sizable lead in this race.

Sherwin-Peddie concludes: “I have in the back of my mind constantly that while this is a race, first to market might not be the best to market. This is why a collaborative approach is so vital, in developing systems and platforms that are sustainable and durable in this context.

“If we get these initial conversations and developments right, with plans in place to mitigate challenges or attacks, then really, it’s such an exciting ‘space’. One that will soon house hugely impressive feats of engineering and technological breakthroughs for the future.”