Issue #1(3) 2015 Security

Supplanting the state: rewards and risks

Rick Lund CEO

2015 is looking to become the year that commercial companies truly begin to supplant government agencies in the development of the space industry. This turning point will include advances in satellites and satellite communications technologies – but it will also likely be a time of new challenges, particularly wherein cyber security is concerned.

Space travel and satellite communications systems are now seeing innovation and growth brought by new commercial players. Their early successes promise to accelerate the evolution of humanity’s relationship with space, and the benefits we can derive from it.

To succeed, companies like my own SRT Group must continue to disrupt space exploration and satcom technologies. I use the word disruption deliberately. The term is apt because the entrance of private corporate investment is the first step in the democratization of space – a democratisation that promises to translate scientific discoveries into technology that improves our lives back here on Earth faster than ever before.

2015 is looking to become the year that commercial companies truly begin to supplant government agencies in the development of the space industry

This disruption truly began in 2010, when a private company first successfully launched a round-trip space flight.

Commercial innovation in space

Elon Musk’s Space Exploration Technologies (“SpaceX”), founded in 2002, made history in December 2010 when it became the first (and to date, only) private company to launch and then return a spacecraft from low-Earth orbit.

In May 2012, its Dragon spacecraft successfully attached to the International Space Station, exchanged cargo payloads, and returned safely to Earth. Since then Dragon has delivered cargo to and from the space station multiple times, providing regular cargo resupply missions for NASA.

Google, a company that has already built one of the world’s most successful and largest digital infrastructures, is now also heavily investing in space. Last year, the company augmented its Google Earth photography project by acquiring Skybox Imaging, which developed and launched the world’s smallest high-resolution imaging satellite.

In January, Fidelity Investment and Google announced a $1 billion joint investment in SpaceX to help it finance a newly announced satellite development centre in Seattle, Washington.3

The vision of these private companies is to develop viable lightweight satellites weighing just 90–270 kg (200-600 lbs.) each, which can help deliver satellite internet service to the most remote parts of the globe. The disruptive idea here is to deploy constellations of dozens (or hundreds) of these cheaper, lightweight satellites rather than the far more expensive singular units deployed today. By harnessing the collective power of multiple small satellites working in concert, the companies mitigate the risk (and cost) of any singular satellite failure.

Small sats still need launchers

Serial entrepreneur Richard Branson’s venture Virgin Galactic is another example of a commercial foray into what was previously a governmental monopoly on space travel and exploration. Seeing that physical satellite size was shrinking, Branson founded Virgin Galactic in 2004 in anticipation of the need for much smaller, low-cost systems for launching these smaller satellites into orbit.

Virgin Galactic’s LauncherOne reportedly has the ability to deliver as much as 225 kilograms (500 pounds) to a low-inclination low earth orbit for a price of less than $10 million. Virgin Galactic notes its customers plan to use the smaller satellites for a variety of humanitarian causes, including providing broadband internet access to remote areas; collecting more accurate weather data; and identifying asteroids that could represent threats to and opportunities for Earth.

Further, Virgin Galactic notes that those types of missions represent only the beginning of the potential for smaller satellites.

Virgin Galactic suffered a setback with the 31 October 2014 in-flight loss of the VSS Enterprise, the first of five commercial suborbital “SpaceShip2” spacecraft planned by Virgin Galactic. However, the company continues to attract, and invest, hundreds of millions of dollars in the development of viable, private space travel and cheaper options for launching small satellites.

On the ground, terrestrial innovation in satellite communications took a step forward when Thuraya Telecommunications, the Dubai-based mobile satellite services (MSS) operator, released the Thuraya SatSleeve in March 2013.

The VIPturbo satellite modem

Satellite will increasingly become part of our lives

The SatSleeve enables civilians to turn their Apple iPhones and Android smartphones into satellite phones with a simple sleeve-like attachment. The Thuraya SatSleeve brings satellite communications to the average consumer, by providing access to phone calls, emails, and instant messages – via satellite – anywhere in Thuraya’s network, which reaches 161 countries and nearly two-thirds of the world’s population.

Life on the ‘bleeding edge’

My colleagues and I founded SRT Group in 1999 when we saw the coming convergence of cellular, Wi-Fi, and satellite communications technologies. Our goal then, as now, was to develop bleeding-edge technologies (more advanced but riskier than cutting edge technologies) and become leaders in markets and spaces that are neglected by larger players. We have won competitive bids against some of the largest aerospace vendors in the world, including Boeing, Hughes, and APSI. Today, SRT provides mission-critical satellite, Wi-Fi and aviation technologies to major business, government and non-governmental customers in the United States and worldwide.

We are proud of our partnership with Thuraya, for whom we developed the VIPturbo, a compact, single-board satellite modem that functions as a software-defined radio for advanced satcoms. The VIPturbo can manage all kinds of data and telecom services on Thuraya’s network and can be modified to support additional waveforms. The module’s integrated Wi-Fi allows end-users to connect and communicate with their own smartphones and tablets in even the most remote locations.

This year, SRT will launch our next-generation satellite modem, the Afterburner. Whereas the VIPturbo is about the size of a paperback book, at just 5x10 centimetres (2 x 4 inches), the Afterburner is about the size of a pack of 
playing cards.

The internet of things

Several years ago Cisco coined the term the “Internet of Things” (IoT) to refer to a future filled with connected devices—machines with sensors that can automatically connect (or “talk”) to each other without the need for active human direction. Others have referred to the IoT as the “digital framework that will connect smart objects such as appliances, watches, and cars to the cloud.”6

These rapid advances in satellite, satcoms, and Wi-Fi technologies present renewed concerns about cybersecurity and the growing problem of satellite hacking

Research firm Gartner estimates that “the IoT will include 26 billion units installed by 2020, and by that time, IoT product and service suppliers will generate incremental revenue exceeding $300 billion, mostly in services.”

Satellite coverage and satellite technology will be a huge driver in this consumer revolution. For instance, both Google and Ford have announced they are developing self-driving cars. These vehicles will rely heavily on the same interactive GPS and mapping technology available in cars and smartphones today, which depend on satellite networks for their data.

As Wi-Fi coverage becomes more ubiquitous, and modems that receive and transmit satellite data become cheaper and more powerful, so too will satellite networks become more valuable and powerful. General Motors and Audi now have 4G LTE in their 2015 vehicles, which turns the cars into roaming wireless hotspots. Not only are the Wi-Fi signals accessible from as much as 50 feet from the vehicle, but the integration allows drivers to simultaneously charge their smartphones in their cars and access their phone’s hands-free functionality while driving.

Satellite hacking

These rapid advances in satellite, satcoms, and Wi-Fi technologies present renewed concerns about cybersecurity and the growing problem of satellite hacking.

2014 saw an increase in hacking incidents against such high-profile multi-national companies as Sony and JP Morgan Chase. Further, initial investigation into these incidents showed that many of the attacks originated in North Korea and Russia. These breaches demonstrated that major cybersecurity threats today can originate not only from foreign countries, but also include coordination, if not direction, from state-sponsored actors.

Gateway antenna farm

The coming months and years will see an increase in hacking attempts against satellites, underscoring the need for manufacturers and satcom developers to harden and protect their hardware and software.

This is an exciting time for space exploration, as commercial companies are increasingly driving the evolution of satcom and related technologies

As early as 2007, Tamil rebels in Sri Lanka successfully breached the communication systems of a U.S.-built Intelsat satellite, and used it to broadcast radio and television signals. Also in 2007, the Chinese government demonstrated its anti-satellite technology by successfully and remotely destroying one of their ageing weather satellites.

Last year, hackers in China attacked satellites belonging to the US National Oceanic and Atmospheric Association (NOAA), which includes the National Weather Service. As a result, NOAA’s primary forecasting capabilities were disabled for 12 hours. While the problem was quickly resolved, the incident underscored the vulnerability of U.S. government satellite assets to hacking by foreign-based agents.

Weather satellites provide data critical to agriculture, oil and gas pipelines, and serve as an early warning system for storms and natural disasters. As such, the financial damage caused by a breach could be substantial.

For instance, U.S. weather satellite data provided crucial early warning of 2012’s Superstorm Sandy that ravaged the northeast seaboard. Even with the several days’ warning that enabled residents to evacuate and to prepare for that storm, it still inflicted an estimated $50 billion in damage. Had the weather satellite’s forecasting data been unavailable (due to either malfunction or malicious hacking) the damage – both economic and personal – could have been far worse.

In April 2014, cybersecurity firm IOActive released a well-received report that described vulnerabilities discovered in several military and commercial satellite communications systems.

Common vulnerabilities included hard-coded credentials that allowed access to devices, digital backdoors built into computer codes, undocumented language protocols, weak encryption of communications channels, and weak password resets.

The firm found that these vulnerabilities could allow hackers to intercept, manipulate, or block satellite communications—in some cases even taking control of the satellite itself through the transmission of a text message containing malicious code. Disabling or destroying a satellite is as simple as causing it to spin slightly off course or expend fuel more rapidly – thus shortening its lifespan.

“If one of these devices is compromised, the entire satellite communications infrastructure could be at risk,” the report noted. “Ships, aircraft, military personnel, emergency services, and industrial facilities, which include oil rigs, water treatment plants and gas pipelines, could be affected.”

Further, many cybersecurity vulnerabilities are a natural consequence of the long lead time required to launch a satellite into space. The average orbiting satellite is running on systems ten years old.

Given the rapid pace of technological advances, even satellites launched today are running software developed at least two-three years ago, with potential vulnerabilities discovered and exploited in the interim.

Cyber-hardening

As we continue to reap the benefits of space exploration, with satellites providing data that are increasingly integrated into our daily lives, satellite manufacturers and satcoms vendors alike must do more to protect their software, hardware and communications channels against malicious interference.

To minimize the risk of hackers identifying and exploiting these various satcom vulnerabilities, the cybersecurity report advised satellite owners and vendors to “implement secure policies, enforce network segmentation, and apply restrictive traffic flow templates (TFT) when possible.”

At SRT, we harden our satellite modems prior to deployment by running them through stress tests – a series of vulnerability analyses that help identify and then resolve weaknesses and potential hacking pathways. Additionally, we do so with today’s technology, thus ensuring best-in-class protection of our networks.

This is an exciting time for space exploration, as commercial companies are increasingly driving the evolution of satcom and related technologies. But with these new opportunities come increased dangers and risks.

Only by remaining vigilant against common vulnerabilities and implementing protocols to ensure high standards in cybersecurity, we can safely and securely embrace a future made better by our continued attention to the stars.

Popular articles

See also

Specials

Iran - emerging space state or threat to world peace?

Astronautics

Long-term spaceflight and microbiological safety issues

Astronautics

Building a digital democracy in a planetary pandemic

Popular articles

Science

DNA across the universe - the new Noah’s Ark?

Astronautics

Agencia Espacial Española – Spain’s future assurance