Published on January 3rd, 2023 📆 | 7102 Views ⚑
0Can these researchers help defend satellite systems targeted by hackers?
When hackers attacked a satellite internet provider in Europe on the eve of the Ukraine war, it disrupted internet communications at a vital moment for Kyivâs defense. That digital assault, which officials and experts blamed on Moscow, had another effect, too. It showed just how vulnerable space systems remain, and what happens when attackers strike at the right time.
But a new effort is attempting to improve cybersecurity awareness â and preparedness â in a sector that is only beginning to understand the threat it faces from malicious hackers.
The Aerospace Corporation, a federally funded nonprofit research and development center, has launched new framework outlining how attackers could compromise satellite technology, an effort to bridge the knowledge gap between aerospace engineers and cybersecurity defenders and bolster efforts to secure space.
First launched in October, the Space Attack Research and Tactic Analysis (SPARTA) framework aims to describe the unique threats hackers may pose to systems in space.
Current frameworks â MITREâs ATT&CK framework and Microsoftâs Kubernetes â represent the industry standard for describing attacks on on-the-ground devices, but as one moves higher up (and out of) the atmosphere, these frameworks are less useful in describing attacks on spacecraft, said Brandon Bailey, a senior project leader for the Cyber Assessments and Research Department at Aerospace Corporation.
âOnce you start trying to command the spacecraft and trying to inject some sort of effect on the vehicle, then you youâre in our realm, and you need to understand those [tools, tactics and procedures] â and thatâs the gap weâre trying to fill,â Bailey said.
Leveraging MITREâs open-source software for ATT&CK, Bailey said that it was a quick sprint from initial conception around May of this year to the initial release in October.
The frameworks launch comes amid growing awareness that sophisticated hackers are carrying out attacks on space systems. On the eve of Moscowâs invasion of Ukraine, hackers attacked a satellite internet system run by Viasat, disrupting communications in Ukraine just as Russian troops crossed the border. Earlier this year, CISA researchers found the Russian-linked hacking group dubbed Fancy Bear lurking in a satellite communications provider with customers in U.S. critical infrastructure.
But even as these systems are being attacked, researchers warn that efforts to protect space craft are relatively nascent.
âOne of the challenges we had as a research community was that we didnât have a widely globally referenceable language for describing certain attacks that will transpire against space assets,â said Gregory Falco, a professor at Johns Hopkins University who studies the cybersecurity of space systems. âThis is something that we have for a whole bunch of other types of assets.â
Enterprise systems deployed on terrestrial computers are also present on spacecraft, but computers deployed to space also have features â like radiation tolerance and low-computation requirements â that pose unique challenges.
âThe technology on the security side isnât necessarily there for the space vehicle yet. So weâre also in this kind of unique paradigm where we donât have proven technology,â Bailey said. âYou canât go to CrowdStrike or Symantec or Microsoft and say âgive me intrusion detection solution that runs on the spacecraft.â Those donât exist.â
SPARTA differs from MITREâs ATT&CK framework by including methods that have been proven in a lab or by researchers but havenât yet been observed in the wild. SPARTAâs designers took this approach due to the relative dearth of documented attacks on spacecraft and because they are trying to address not just threat researchers but also the developers and engineers building space systems, Bailey said.
As with industrial control systems, there exists a culture gap between the engineers who build the infrastructure and the defenders tasked with helping protect it. Bailey said that they are hoping to hear feedback from the community so that engineers and developers in the space sector who donât have a cyber background can implement a secure-by-design approach to building new spacecraft.
âA lot of those people who build these systems arenât necessarily cyber people,â Bailey said. With the frameworkâs help, Bailey hopes that engineers and developers are better able to address security questions like, âWhy is it such a bad thing that thereâs inherent trust between the ground station and the vehicle?â
Including potential â but undocumented â methods is important for a field with a wide range of emerging security questions, like how to maintain security when one spacecraft services or refuels another. The cybersecurity implications of these on-orbit servicing, assembly and manufacturing operations remain untested in the field.
âThis is a frontier domain that has problems that we havenât seen in the wild yet, or canât publicly discuss in the wild. So we need something that can accommodate for that frontier,â said Falco. âThe benefit is that now itâs in the open, now we can all address it, rather than just a couple of guys in the bunker who are working on these things.â
Gloss