• Like any new ecosystem, mass deployment of cheap satellites to bring new attack surfaces and challenges.
• Strong collaboration between cyber threat research teams, government, commercial and academia is the way forward.

Dubai: When security experts are struggling to secure the data on the earth, how are they going to secure data on the earth as well as in space when Space 4.0 is gaining traction?

Space 4.0 represents the evolution of the space sector into a new era and is intertwined with Industry 4.0.

Christiaan Beek, Lead Scientist and Senior Principal Engineer at McAfee, told TechChannel News that technology is getting cheaper to get into space and Ground station as a Service (GSaaS) is appearing in different flavours from different providers.

“We are putting a lot of technology into space and it is not proven to be secure. With a lower cost of launching, combined with public and private partnerships that open a whole new dimension of connectivity, satellites are more accessible from a cost perspective and which, in turn, will attract threat actors other than nation-states,” he said.

With the introduction of Ground Station as a Service (GSaaS) and Satellite as a Service (SataaS), he said that the satellite will become another device connecting to the cloud.

Low Earth Orbit (LEO) satellites are popular for scientific usage and are being used across government, academic and commercial sectors for different use cases that require complex payloads and processing.

Mass deployment of cheap satellites

With the rapid adoption of nanosats, which can coexist on a single satellite, he said there is going to be a mass deployment of cheap satellites into space and the same satellite backbone circuit infrastructure can be shared, reducing build and launch costs and making space data more accessible.

As the data from space will have much value as the market evolves, he said that cybercriminals will certainly target that data with the intent to hold organisations to ransom or sell data/analytics innovation to competitors to avoid launch costs.

 “We see a lot of opportunities for cybercriminals to accuse the data and with access to the ground station, they can set up an account in the cloud and sniff traffic from the sky and access the infrastructure,” Beek said.

With the convergence of information technology, operational technology and internet of things, cybercriminals are a constant challenge and they have much more capabilities than they did a few years ago.

Once a vulnerability has been developed, Beek said that it can then be weaponised into an exploit kit or ransomware worm, such as WannaCry, to make money and maximise profit by exploiting a combination of users and technology.

Even during Covid-19, they (hackers) moved quickly to cash in on the remote working workforce.

Targeting vulnerabilities

At Blackhat and Defcon conferences, security researchers have shown ways to hack every device across business verticals by discovering the vulnerabilities.

“Not all of the vulnerabilities and exploits have become weaponised by cybercriminals but it does highlight the fact that the potential exists. Some notable weaponised exploits are Stuxnet worm, WannCry worm, Triton malware, Mirai Botnet,” Eoin Carroll, Principal Engineer and Senior Vulnerability Researcher on the McAfee Advanced Threat Research team, said.

One of the key initiatives, and now industry benchmark, he said is the MITRE ATT&CK framework which enumerates the TTPs from real word incidents across enterprises (Endpoint and Cloud), mobile and ICS. “This framework has proved to be very valuable in enabling organisations to understand adversary TTPs and the corresponding protect, detect and response controls required in their overall defence security architecture. We may see a version of MITRE ATT&CK evolve for Space 4.0,” he said.

To date, no vulnerabilities have been disclosed on actual satellites but many vulnerability disclosures have taken place in VSAT terminal systems and intercepting communications.

McAfee has seen an increase in malicious cyber activity targeting the aerospace and defence industry to gather information on specific programs and technologies.

According to European Investment Bank, the global space industry grew at an average rate of 6.7 per cent per year between 2005 and 2017 and is projected to rise from its current value of $350 billion to $1.3 trillion per annum by 2030.

“The associated increase in data volume and complexity has resulted in increasing concerns over the security and integrity of data transfer and storage between satellites, and between ground stations and satellites,” Carroll said.

The McAfee Supernova report shows that data is exploding out of enterprises and into the cloud.

“We are now going to see the same explosion from Space 4.0 to the cloud as vendors race to innovate and monetise data from low-cost satellites in LEO as the data is going to be more accessible to commercial markets,” Beek said.

Security should be on agenda

So, with the introduction of cheap satellites using commercial off-the-shelf components and new cloud services, he said that is it just a matter of time before the industry could see mass satellite attacks and compromise?

“We need to think about a satellite as any other device which can be accessed either directly or indirectly over the internet.  Also, if a device can be compromised in space remotely or through the supply chain, then that opens a new attack class of space to cloud/ground attacks,” he said.

 “We need to make sure that security is on the agenda and that is why we put out this research, in collaborating with Cork Institute of Technology and its Blackrock Castle Observatory and the National Space Centre in Ireland, for a call of action.”

Beek said that establishing a trustworthy Space 4.0 ecosystem is going to require strong collaboration between cyber threat research teams, government, commercial and academia.