Cyber Security Vulnerabilities in Space Vehicles

Cyber Security Vulnerabilities in Space Vehicles

Cyber Security Vulnerabilities

Abstract 1

Introduction 3

Background 4

Overview of Space systems 4

The developing threat in Cyberspace 5

Space Vehicles attack surface 6

Cyber Security Vulnerabilities in Current Space Systems 6

Advanced Persistent Threats 7

Improperly secured ground facilities 11

Space Segments Vulnerabilities 12

Small Satellites Vulnerabilities 12

Current Cyber Security Mitigation Techniques 13

Conclusion 16

Abstract

The advancement of innovations, views, and funding alters the outer milieu by making it more accessible to many individuals. The majority of additional and projected launchers and clusters will expand the in orbit population by multitudes, broadening the hazard picture for the space industry. With our daily way of life depending on assets, there is a greater need to understand space systems\' cyber security properties. As internet connections continue to grow, there is a significant growth in cyber-attack incidences, resulting in ravaging and severe consequences. Spacecraft are sophisticated systems that include an onboard data bus, essential components like attitude detection and control mechanisms, and payloads (Suloway, Visner & Kordella,2020). Surface and wireless communications were the most famous victims. Still, as space-based systems expand in the subsequent decades, the attention may turn to orbital portions that should be handled. The paper explores the vulnerabilities of space vehicles. By understanding the openness of space vehicles, different methods can be implemented to mitigate the threats and protect future systems.

Cyber Security Vulnerabilities in Space Vehicles

Introduction

The changing dynamics and developing ideas are what encompasses the space industry. The launching of the Russian satellites in 1957 marked the start of a new age for civilization, demonstrating that we, too, might master space. Until recently, the space industry was dominated by a small number of nations that developed prominent, costly constellations with lengthy helpful lifespans. The relevant data on satellites was strictly guarded to impede adversaries\' defense capacity. However, recent technological advancements, faster research and development procedures, and cheaper launch costs have made the space sector a highly valued resource for many organizations. It has sparked private-sector interest and brought various investors and initiatives to the table (Manulis, Bridges, Harrison, Sekar & Davis,2021). Because of the rapid incorporation of standard modules and components, while making space travel more affordable and widespread, the number of small satellites launched in the United States in 2021 is expected to be around 2944. (\"UCS Satellite Database,\" 2022). Many firms take more risks with their satellites, resulting in more innovations. As the scale and substance of space missions evolve, ensuring the systems are secure against the recent technological advancements has proved to be a vital part of development.

Similarly, the growth of cyber technologies in the United States has provided incomparable data convenience. Together space and cyber technologies have aided the rapid success of space technologies such as satellite communications, Global Positioning Systems, Space-based intelligence, weather data fused with global data networks, and databases have allowed data sharing (Bichler,2015). The procurement and operations communities have regarded information security, links, and space systems as secondary. Many of these technologies have remained in the inventory today, having been built with insecure models making them vulnerable to cyber security threats —the paper deals with the vulnerabilities in space vehicles and ways of mitigating them. Even though there are many developing dangers to space, this study concentrates on cybersecurity threats owing to the interconnected structure of corporate and armed forces facilities. Both country sovereignty and nonentities are carrying out cyber attacks on space operations. As studies on free and open-source information on flaws grow, so do the assaults. The absence of intervention is not even an alternative, and all government essential space technologies must be reinforced against cyber risks.

Background

Overview of Space systems

Space systems comprise the space and ground segments, which communicate through radio frequencies signals. The space section includes satellites or groups of satellites in orbit. Satellites are pieces of technology intended to serve a specific purpose and a bus that holds the payloads and the accompanying satellite components. The ground segment includes all grounded features that gather or transmit Radio Frequency signals, oversee and manage satellites, and distribute payload and telemetry information to remote users (Manulis, Bridges, Harrison, Sekar & Davis,2021). Ground segments include ground stations that overlook task procedures and payload and telestial networks that integrate different ground systems and distribute data collected by payloads. Space Vehicles launched from the United States require two independent tracking sources to satisfy a range of safety requirements. The two tracking sources have been radar and Inertial measurement units.

The Ministry of Defence and the National Aeronautics and Space Administration, and corporate enterprises have created disposable launch vehicles that could be utilized to send satellites into space. Many space vehicles are intended to take a particular cargo into orbit. They are made up of numerous sections that separate in succession when the vehicle acquires momentum and orientation, and the fuel runs out. Governments continuously carry out research and innovation with the increasing maintenance and operational support cost.

The developing threat in Cyberspace

The cyber capabilities of many governments have increased over the current years. The principles decompose into several actions that a company must control to achieve an effective cyber security plan. The methods for putting the concepts into action have been devised for many information technology networks, but they are still in the works for space systems (Bailey et al.,2019). Cyber threats offer a significant and multifaceted risk because of the lack of warning and the speed with which an attacker attacks, the difficulties of identification, and the ramifications of carrying out a corresponding reaction.

There are numerous hazards to the welfare of space systems, ranging from the harsh circumstances of outer space to individual risks carried out by a person. While some effects are manageable and reversible, some are incredibly catastrophic, resulting in the inability to use a design (Matei,2021). The dwellers of cyber security are availability, confidentiality, and integrity. Initially, many orbital technologies, like all telecommunications, comprised analog equipment that could not provide the same prospects for hackers due to a complete lack of programming with coding flaws and the ability to access the system casually. However, advanced space assets have also become digitized as technologies have improved. It has made them vulnerable to attack by multiple countries and organized criminals. According to Bailey et al., 2019 government assets are not alone in being the target, given the military\'s dependence on commercial space systems to heighten bandwidth. Cyber-attacks on commercial space systems are also a concern. Many of these attacks represent a threat to space assets, depending on the antagonist\'s expertise and intentions and the purpose of the space mission. The increasing speed at which hackers\' potentiality increases is a cause of concern as most of our governments\' dependence on space systems cyber security should be a priority.

Space Vehicles attack surface

Traditionally, space vehicles are parts that interpret, preserve, and transmit information, serving as an attack surface. Many spacecraft features incorporate hardware and software to operate in space. While the program is being developed on the ground, it is vulnerable to the same dangers as traditional integrated systems. The spacecraft itself could be equated to a space-based internet of things device. Many adversaries want to attack numerous vulnerabilities to access and use space capabilities. The multiple components that comprise the space vehicle are interrelated and can be utilized to an adversary\'s advantage. Many adversaries are expected to employ similar assault methods and patterns for the space vehicle for several conventional technology infrastructures. Many of the flight software is targeted mainly than other subsystems. Flight software-based attacks have been seen to extend throughout the whole mission ( Tsamis, Bailey & Falco,2021). The Flight software is reprogrammable during the assignment; therefore, many hackers have time to post-launch operations during the development on the ground to put their evil reasoning into action. Hardware-based threats are generally limited to the before launch phase, where widespread direct connection.

Cyber Security Vulnerabilities in Current Space Systems

Space systems are subject to cyber threats and other suitable attack modes such as orbiting, kinetic, and radar systems. The standard IT surveillance technique faces some unique problems in space. Within the design of a space system, cyberattacks can be launched across several sectors, including orbit, information systems and organizations, and the surface. Vulnerabilities to space systems and infrastructure vary depending on the range of attack surfaces. Because space systems in low and medium orbits have limited contact with the grounded central control room, regular screening and surveillance are difficult. The attack surface is growing more prominent as many space systems connect to ground-based users and assets.

Advanced Persistent Threats

These are risks that have a long-term impact on the system. They are used to steal important information from a corporate or government target over an extended period. As a result, such threats must go unnoticed, need a high level of sophistication, and are primarily the work of nation-state-backed hackers as the spacecraft is launched, various vulnerabilities in the ground segments, telecommunications, and the space segment. Some include:

The lack of authentication

Many satellites do not use any authentication that allows evil people with the knowledge of telecommand instructions to send direct requests to an operational satellite potentially. Some developed technologies relied on their distinctiveness to resist unauthorized entry to space computer networks during their development. Numerous application-specific integrated circuits manage telecommand in many satellites, introducing an adamant processing mechanism. Although it is challenging, it does not allow for flexibility in the event of a behavioral shift. It is a severe vulnerability in the system\'s security because CCSDS makes telecommand authentication a required core of functionality for any satellite mission that requires essential protection (Matei,2021). While some believe that hardware is more dependable than software, extensive study has revealed that many satellites rely on prototypes established in the 1990s and 2000s, now regarded as an insecure cyber security paradigm (Bichler, 2015). Especially among urgent telecommands, the CCSDS protocol advocates for verifying because approved critical orders might be harmful, particularly for operations requiring exceptional dependability.

Information that is not encoded and Improper Incoming signal management

Another flaw is that many satellite companies do not encrypt the monitoring and control uplinks from which the satellites are operated from the ground, rendering them subject to spoofing. Unencrypted data traffic is a significant security risk for both incoming and outgoing traffic. The attacker may observe the design and pattern utilized for command transmission and then fabricate fictitious authorities to be delivered to the satellite vehicle for incoming communications. A malicious individual has the necessary equipment to intercept traffic not meant to be routed to them for outbound transit.

According to Matei,2021, attackers can intercept satellite transmission and analyze the broadcast structure to fabricate their demands. Assume a hacker gets information to an extensive network of computers that they command entirely. They can transmit many instructions in that event, potentially overloading the satellite\'s computer and blocking the legitimate telecommands. CCSDS warns that even encrypted trusted traffic can be diverted and then rebroadcast at a later stage. Thus strategy ensures must be in place for this eventuality.

Numerous satellite broadband suppliers do not provide over-the-air traffic cryptography, leaving delicate consumer information vulnerable to snooping threats. The methodologies used to maximize TCP linkages in lengthy satellite linkages are frequently irreconcilable with cryptographic algorithms. There is no fully accessible cryptographic system that performs TCP connections via satellite lines, and many scholarly approaches are primarily hypothetical and missing repeatable program code ( Pavur,2021). Investigators interested in PEPs then must reuse existing code to incorporate new cryptography or recreate PEPs from the ground up. Without access to satellite equipment, assessing approaches is challenging due to the absence of consistent, controlled circumstances.

Sensory probing

Space systems are vulnerable as they may receive fake information from the various sensors. Some sensors are harder to temper than others, but some rely on data from outside; GPS signals, for example, are used to alter their positions and retain their orbits. GPS frequencies that provide precise geolocation and time information can be falsified using commercially available parts (Manulis, Bridges, Harrison, Sekar & Davis,2021). A strategy that analyzes odometer values separately within a predetermined allocated time frame and cross-checks responses offered by GNSS and inertial navigation solutions is used to identify a subjective timing intrusion.

Jamming

Jamming is a practice of overriding a Radiofrequency signal of a specific wavelength with a more robust transmission of the identical bandwidth with the intent to interrupt connections with the ground control station and the satellite. The jammer comprises two distinct sets of the receiver, primary and auxiliary. The top receiver category encompasses four packetized and four ceud devices that enable quick transmission capture, precise characteristic assessment, instant upgrades, and accurate positioning, using global positioning techniques such as GPS tracking of a specific device. The auxiliary receiver set offers a broad frequency range and replaces the primary receiver in lengthy measurements. The \"AN/ALQ-218\" employs a novel blend of optical technologies with short, intermediate, and extended baselines (Manulis, Bridges, Harrison, Sekar & Davis,2021). The spacecraft communicates with the command center through radio frequency, and many threat indicators for RF communications are not IP-based. There are two categories of RF threats: more Electric Warfare connected with out-of-the-ordinary power or frequency indicators (Suloway, Visner & Kordella,2020).

A stronger dependence on software

Greater reliance on software is the most likely technique to promote violent and seamless behavior in the future. Many satellites are shifting from snuffed circuitry to configurable electronics and computer-like systems. However, the changeable structure of programs offers a high-risk possibility and a fluctuating degree of security if defensive mechanisms are not adequately implemented. While a burnt-in chip in orbit is practically underexplored, the software can be altered in various ways. When it comes to safety, faulty input filtering, terrible coding techniques, improper data structures, backdoors, and other weaknesses in software architecture can be disastrous (Matei,2021). It is generally enough for a single mistake to go undiscovered to have catastrophic consequences, from disclosing secret information to the entire network infringement. A concerning element of employing software is the possibility of injecting malware into the system, as a burnt-in chip in a software-based system with numerous cryptography parts might continuously perform the very same sequence of functions. Malware could infect the satellite during software updates if the updated software is tainted with harmful code.

Improper payload virtualization

Virtualization is a complex process that raises numerous security concerns. Still, regulatory frameworks can be accomplished in a variety of ways. If we accept the assumption that the payloads would all be virtual and running on a single high-performance computer, we must rule out physical isolation; we are left with temporal logical, and cryptographic separation (Matei,2021). As tales indicate, a suitable hypervisor can ensure the presented separation layers on a common platform, but this is not always the case. There have been several instances where information has been leaked from one logical container to another.

Improperly secured ground facilities

It is simpler for many people to hack during the prelaunch period because it is difficult to find a device not linked to the internet. Many malware intrusion cases involve computer emails that are used to spread the virus throughout the entire system and other organizations affiliated with the owners of the affected network. Reckless individuals may introduce malware on the internet that can use common channels to increase the number of organizations that use stricter security measures. Bichler (2015) backs up the Santamarta report, which indicated that most of the security vulnerabilities in SATCOM interface programs were discovered through open-source research in the literature and technical specifications.

Backdoors in data packets that manage user interactions and govern devices that oversee satellite accesses were quickly found, and most were left in factory states. Many broadcast codes used between satellite control panels and interfaces have weak authentication procedures recognized today. Following the review, the ground system was discovered to have numerous weaknesses. Unsecured COTS code on launch vehicles is an identified threat area. The description of openly revealed vulnerabilities and exposures is a constantly kept database of previously publicized flaws in software(Manulis, Bridges, Harrison, Sekar & Davis,2021). Nevertheless, the existing software must be upgraded regularly to include solutions for known vulnerabilities. Unencrypted editions of the program leave the application vulnerable to publicly published known vulnerabilities.

The entirety of the computation infrastructure with the in-ground station is currently powered by cloud computing. The whole system is multiplexed to cloud solutions, from information storage to processing data. Breakdown of the network infrastructure may have disastrous consequences for the ground station, namely suspension of access for the satellite reception(Manulis, Bridges, Harrison, Sekar & Davis,2021). Prominent cloud providers have experienced network failures or disruptions on a routine occurrence due to both interior and exterior threats.

Space Segments Vulnerabilities

A satellite\'s physical contact with humans is reduced once it is in orbit. However, this does not imply that cybersecurity dangers are still not there. Vulnerabilities in the space vehicle\'s operating systems can develop, affecting the satellite\'s functioning and the effectiveness of protection measures (Manulis, Bridges, Harrison, Sekar & Davis,2021). To penetrate the TT& C connections, assuming command of a launch vehicle to alter its mechanism and the satellite\'s orbital configuration can become a challenging undertaking that takes elevated ability and understanding. Depending on the satellite being launched, the ground control systems in place, and the security procedures in place.

Small Satellites Vulnerabilities

Small satellites are one of the primary areas of cyber security for space assets, thanks to technological advancements that have dramatically decreased the price of advanced, commercialized off-the-shelf gear. There seems to be a vast amount of information worldwide to develop standards and buses that can be used as mini-satellites. Many organizations are looking into conducting fascinating space scientific experiments from these comparably inexpensive platforms. Others, especially the military, are considering vast fleets of small, low-cost satellites for orbital positional awareness (Hutchins, 2016). Because small satellites are hard to identify, they present a severe hazard. They can elude identification or monitoring; they could be used to disrupt telecommunications, hindering the functioning of other spacecraft. However, a significant concern is that security has become an afterthought for the small satellites as many companies compete to develop the first standardized bus and telecommunication standards. As the small satellites are expected to increase and the importance of the missions they depend on, it could mean a disaster that affects people\'s lives.

Current Cyber Security Mitigation Techniques

Space launch vehicles Atlas and Delta are being phased out, and new launch vehicles are obtained. The priority of the governments and states is to maintain program security to best ensure that critical government payload. Security protocols should be employed to curb information security or insider threats (Zhang,2020). Cyber security is essential in ensuring nations\' infrastructure; adopting stronger protections and reducing risks will help minimize security vulnerabilities across the government functions.

Some of the mitigation techniques include:

Management of Authentication Mechanism

NASA has taken several initiatives to enhance the cybersecurity of all space assets. NASA\'s deployment of more rigid network access controls throughout their suppliers, researchers, and allied areas has prevented some phishing attacks used by personnel to obtain identities and retrieve sensitive proprietary property (Falco,2018). From cyber threats, space vehicles ought to be able to retain telecommunication, orbit, and energy to mission-critical subsystems.