{"id":595647,"date":"2023-01-09T05:49:22","date_gmt":"2023-01-09T11:49:22","guid":{"rendered":"https:\/\/news.sellorbuyhomefast.com\/index.php\/2023\/01\/09\/securing-low-earth-orbit-represents-the-new-space-race\/"},"modified":"2023-01-09T05:49:22","modified_gmt":"2023-01-09T11:49:22","slug":"securing-low-earth-orbit-represents-the-new-space-race","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2023\/01\/09\/securing-low-earth-orbit-represents-the-new-space-race\/","title":{"rendered":"Securing low Earth orbit represents the new space race"},"content":{"rendered":"
\n

Are we entering a new space race? In a manner of speaking, it could be argued we\u2019re already in that race, as the barriers to launching satellites into low Earth orbit<\/a> (LEO) become lower<\/a>, and cyber criminals subsequently identify a new source of critical information to disrupt, intercept, utilise or even take over.<\/p>\n

In this respect, the \u201crace\u201d that has already begun is one that requires both governmental and private players to unite and ensure optimum resilience across the systems being placed in our planet\u2019s periphery. Meanwhile, competitors in this \u2013 long distance but relatively quick \u2013 race are looking to build on examples of early exploitation, to enhance their competencies, and prepare for a future where space is simply a database with a bird\u2019s eye view<\/a>.<\/p>\n

But what was the starting pistol that triggered this particular contest?<\/p>\n

\u201cUltimately, it is a combination of engineering factors that contribute to dramatically reduced costs of launch,\u201d says Adrian Nish, head of cyber at BAE Systems Digital Intelligence<\/a>. \u201cYou can get things into space much more cheaply than in decades gone by, largely thanks to advances in technology, and manufacturers being able to integrate off-the-shelf solutions as part of the resultant satellites.<\/p>\n

\u201c\u2018Space as a service\u2019 is almost analogous to the cloud in that respect, in that customers are being offered platform space to \u2018rent\u2019, and to run applications. This commercialisation is driving the sector to become more viable, but wherever there is data being generated or stored, you also have a growing cyber security risk.\u201d<\/p>\n

\n

<\/i>A piggyback into low Earth orbit<\/h3>\n

BAE Systems itself has had products and services in and around space for a number of decades already, providing radios for clients including the European Space Agency, as well as for deep space missions.<\/p>\n

Nish explains that it has also sought to capitalise on the future scope of space as a new information arena, with a particular focus on low Earth orbit.<\/p>\n

\u201cAs part of this effort, though, we\u2019ve made sure we\u2019re part of the security conversation, because space as an attack surface is fundamentally different to what it was previously,\u201d he says.<\/p>\n

\u201cIf you think about a geostationary satellite, they are very much bespoke systems designed for long-life endurance in harsh environments.<\/p>\n

\u201cConversely, for low Earth orbit and nanosatellites, you can build them using more commercially available technologies. The good news is that it makes them easier to develop and manage. But it also makes it easier for attackers who also know what they\u2019re doing with these systems too.\u201d<\/p>\n

In this sense, there isn\u2019t a whole lot of difference in terms of the attack surface between on-the-ground platforms and the landscape envisaged slightly further up.<\/p>\n

That attack surface, rather, comprises not just the physical satellite, but also a ground station which effectively controls the satellite. Joining the party also are a host of receivers that then pick up information from the satellites, and aid communications.<\/p>\n

The upshot being, an attacker doesn\u2019t have to hit the satellite to hit <\/em>the satellite.<\/p>\n

Nish continues: \u201cThe ground stations in particular are interesting targets as they are pretty much the same as enterprise networks. There are people sat on desktops or laptops feeding into the network. It just so happens that, at some point, that enterprise network will allow a connection up to an operating system in low Earth orbit, which might also be as familiar as a Linux system.\u201d<\/p>\n

If a threat actor can gain access to said laptop or desktop, then the potential to piggyback on whatever is being fed up to that operating system becomes a very real possibility.<\/p>\n

\u201cOnce you\u2019ve got that right, and are being delivered to an equally recognisable system, you then have potential access to peripherals in the form of cameras, motion sensors, commands, the spacecraft, essentially. Malicious things can easily follow.\u201d<\/p>\n<\/section>\n

\n

<\/i>A variety of impacts<\/h3>\n

For anyone in any doubt of whether this likelihood of attack \u2013 and race \u2013 is already underway, criminal activity may be sparse so far, but certainly not insignificant.<\/p>\n

In the spring of 2022, global communications company Viasat experienced an outage across Europe<\/a>, at almost the exact time that Russian troops entered Ukraine. As well as being a commercial broadband provider, Viasat is also used by the Ukrainian military. On closer inspection, the main damage seemed to be collateral across the continent, as a result of a misconfiguration sent down to modems.<\/p>\n

However, upon even closer testing of the memory chips from these modems, it was revealed that they had been essentially wiped out, akin to wiping the operating system from a PC. The EU, UK and US have all since concurred that the attack originated from Russia\u2019s GRU<\/a>, which gained access to the internal management system through a misconfiguration, developed malware to deploy across the network to wipe the modems, and pushed that malware through on the day of the invasion. It wasn\u2019t the satellite itself that was being targeted \u2013 it was merely a portal to impact connections and operations on the ground.<\/p>\n

\u201cThis really demonstrates the lure of satellite attacks \u2013 it\u2019s the variety of impacts, and disruption on offer,\u201d Nish notes.\u00a0\u201cYes, the majority of attackers are likely to be motivated by money, with space just another frontier to enact ransomware attacks on manufacturers, law firms, finance companies, etc.<\/p>\n

\u201cState actors, meanwhile, absolutely need to be factored in as well. They\u2019ll be after what they always have been \u2013 political, military or commercial insight; to misdirect; to attain data; to disrupt or destruct; to gain intelligence; and to simply see what another country is seeing as silently and covertly as possible.\u201d<\/p>\n<\/section>\n

\n

<\/i>Securing the entire bubble<\/h3>\n

This is why a united, collaborative defence must be established between public entities and private players.<\/p>\n

BAE Systems is already part of the Space Security Information Exchange (SSIE) \u2013 a by-invitation group backed by the Centre for the Protection of National Infrastructure<\/a> (CPNI) and the National Cyber Security Centre<\/a> (NCSC) \u2013 of which Neil Sherwin-Peddie is currently chair. He is also head of space security at BAE Systems Digital Intelligence, and is hugely motivated to mobilise stakeholders in this race\u2019s early stages.<\/p>\n

He says: \u201cUK agencies are already coming together to gain better visibility across multiple platforms and from multiple perspectives. As well as BAE Systems, the UK Space Agency<\/a> and the European Space Agency, other big private players such as Airbus are also involved in the conversation, while the role of smaller businesses and even startups can\u2019t be overlooked. Security is the main part of this conversation between us all, addressing policy, process and procedure to make sure we\u2019re working in one common direction.<\/p>\n

\u201cAt the moment, there isn\u2019t a user manual or guidebook to follow to secure platforms, so it really is a case of addressing the entire infrastructure as a complete function.\u201d<\/p>\n

Ground stations are key to this effort, as the receptor of information being transmitted down from satellites, but also as the controls to guide periphery tech in space such as radios, sensors and communications tools.<\/p>\n

\u201cAs a starting point, this lays the foundations for mass management of the large, overall infrastructure, and security of the total enterprise,\u201d Sherwin-Peddie adds. \u201cWe can\u2019t just look at ground stations though, or user terminals, or the spacecraft; it\u2019s about securing the entire supply chain, knowing that if one element becomes weak or vulnerable, then the whole network has assurances in place to mitigate that.\u201d<\/p>\n<\/section>\n

\n

<\/i>First isn\u2019t always best<\/h3>\n

Sherwin-Peddie notes the level of urgency in this development conversation across numerous public and private parties. And, to that end, agrees that we are in something of a race; if only against time at this stage.<\/p>\n

It\u2019s an assertion that Nish agrees with, circling back to the comparisons with cloud\u2019s rise to prominence.<\/p>\n

\u201cFor years, we presumed and predicted that cloud would be the next big thing for attackers to target. How could it not be, considering what it was designed for? But then nothing really happened for a long time. Then\u2026SolarWinds<\/a>.<\/p>\n

\u201cSuddenly, those initial predictions became true, all because adoption had reached a scale that became too attractive to ignore. Attackers had spent the time up to that point learning how best to exploit the cloud, what the gains would be, what data they\u2019d be accessing if successful, all so they could strike when the iron was hotter.\u201d<\/p>\n

In this analogy, space is an iron that is warming up at considerable pace.<\/p>\n

Nish affirms: \u201cAs [low orbit] becomes more utilised, more relied on, more essential, the attacks will come.\u00a0Simply, the race for us is getting ahead of that inevitability and establishing resilience ahead of time.\u201d<\/p>\n

It shouldn\u2019t be forgotten that space still represents a technical step change from what both developers and attackers will have experienced before, despite the growing familiarities and lowering barriers to launch.<\/p>\n

From both a hardware and software perspective, the level of cutting-edge solutions set to be deployed in this realm presents a huge opportunity to slow down would-be exploiters and achieve an initial level of resilience that ensures a sizable lead in this race.<\/p>\n

Sherwin-Peddie concluded: \u201cI have in the back of my mind constantly that while this is a race, first to market might not be the best to market. This is why a collaborative approach is so vital, in developing systems and platforms that are sustainable and durable in this context.<\/p>\n

\u201cIf we get these initial conversations and developments right, with plans in place to mitigate challenges or attacks, then really, it\u2019s such an exciting \u2018space\u2019. One that will soon house hugely impressive feats of engineering, and technological breakthroughs for the future.\u201d<\/p>\n<\/section>\n<\/section>\n

Read More<\/a>
\n Bong Mischke<\/p>\n","protected":false},"excerpt":{"rendered":"

Are we entering a new space race? In a manner of speaking, it could be argued we\u2019re already in that race, as the barriers to launching satellites into low Earth orbit (LEO) become lower, and cyber criminals subsequently identify a new source of critical information to disrupt, intercept, utilise or even take over. In this<\/p>\n","protected":false},"author":1,"featured_media":595648,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23029,35034,46],"tags":[],"class_list":{"0":"post-595647","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-earth","8":"category-securing","9":"category-technology"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/595647","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=595647"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/595647\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/595648"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=595647"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=595647"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=595647"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}