Satellite hacking – how to keep your satellite data secure

It seems that nearly every day a new article is published regarding a data breach – Equifax, Facebook, Microsoft, and even the United Nations have all experienced major compromises to their systems. As hackers become more adept, security specialists must think outside of the box to protect private data.

With approximately 2,000 communications satellites in orbit, the National Security Agency (NSA) are working on how best to secure the sky. As reported by Patrick Tucker in Defense One, researchers at the NSA are using artificial intelligence (AI) to monitor small satellites to determine if they have been hacked.

One key to determining if a small satellite may have been hacked is its physical location. Aaron Ferguson, the technical director of the encryption solutions office of NSA’s Capabilities Directorate, explained in the article that most small satellites are deployed in a specific region in low Earth orbit. If a satellite moves to an unexpected location that may indicate a system compromise. Though in initial stages, programs to address potential issues, such as characterizing telemetry data and testing sending malware to a satellite to observe the outcomes, are being considered.

Programs such as those suggested by Ferguson will be key in future years as the US is working toward adding a number of small satellites into low Earth orbit. These satellites will assist with military intelligence, making it key that they are secure, “But the vast volume of data coming from small satellites may make it difficult to determine if they’ve been compromised by an adversary,” says Tucker.

While more difficult than traditional hacking of email systems or web browsers, the threat of satellite hacking is real. Satellites use common operating systems and connect to ground systems that are often computers running the satellite software.

Bill Malik, the vice president of infrastructure systems at cybersecurity firm Trend Micro, shared that there are six known examples of hackers getting into NASA satellites. Hackers have also successfully targeted United Kingdom and German satellites.  

“The cost of jamming and control-takeover technology is dropping, and the benefits to hackers (whether criminals or nation-state actors) is growing,” said Malik.

Even NASA’s Office of the Inspector General (OIG) has expressed concern. In their 2019 Cybersecurity Management and Oversight at the Jet Propulsion Laboratory (JPL) audit, OIG reported that in 2017 foreign hackers were able to compromise a JPL server. “After gaining access to the server, the hackers were able to upload, manipulate, and execute various files and commands unrelated to controlling spacecraft,” stated the report, citing deviation from NASA and recommended industry practices as one of the root causes.

For anyone working in the field of satellite operations, it’s important to consider all potential threats – with advancing technology preparing for physical threats is no longer enough.

Want to learn more about astronautical engineering? Capitol offers a bachelor’s degree in Astronautical Engineering and is home to the Space Flight Training Operations Center (SFOTC) where students interact with orbiting satellites to gain real-world knowledge. Contact admissions@captechu.edu to learn more.