Security in the Stars: Protecting satellite infrastructure through ‘trusted’ standards

Last year saw the announcement of the EU Commission and High Representative’s European Space Strategy for Security and Defence. Presented for the first time on 10 March 2023, the joint communication outlined a framework for greater safety, security, and sustainability for space-based technologies, while providing insight into the preparatory work currently underway that will enable safer access to space.

Thorsten Stremlau, Trusted Computing Group (TCG)

Broken into a series of five actions, the European Space Strategy for Security and Defence aims to “allow to EU to protect its space assets, defend its interests and deter hostile activities in space”. The first action is to develop a shared understanding of space threats, examining the counterspace abilities and main threats likely to place items within EU’s Space Domain at risk. This considers everything from the physical space environment and different orbits and spacecraft to infrastructure (ground and launch), radio frequency links and user terminals. To increase a common understanding of threats leveled against the Space Domain, the High Representative are to prepare a classified annual analysis which will draw from the intelligence of Member States.

The second action, resilience and protection of space systems and services in the EU, proposes a series of initiatives to increase the resiliency of satellite operations. These include the proposal of a new EU Space Law to provide common security and sustainability frameworks, as well as the creation of an Information Sharing and Analysis Centre (ISAC) to devise and share best practices. The strategy aims to enhance the EU’s technological sovereignty and ensure long-term autonomous access to space.

Responding to space threats covers the measures identified for the mobilization of relevant security tools. This means greater characterization of inappropriate behaviors in orbit, as well as exercises that will test and develop the EU’s response time to space threats. Use of space for security and defense, on the other hand, proposes the launch of two pilot projects: one to test the delivery of initial space domain awareness services, the other to test a new Earth observation governmental service. This should better connect space, defense and security operations across the EU and ensure greater training while encouraging more collaboration in research and development. Finally, partnering for responsible behaviors in space aims to promote regulated rules and principles for acceptable behaviors in outer space. Looking outwards to countries such as the United States, through this action the EU wants to bolster the existing security cooperation with their partners.

The Current Threat Landscape

The Strategy’s aims are noble and should be music to the ears for those operating in the sector. With demands for digital connectivity soaring, we are now seeing a significant number of satellites being launched into space. The benefits of these technologies are well-known, from military surveillance and intelligence gathering, to broadcasting and enhanced navigational applications. Yet when it comes to security, more needs to be done, and this strategy indicates growing awareness.

This need for greater satellite security was evidenced in a recent academic paper, which identified a number of security vulnerabilities in satellite infrastructure. Researchers from the Ruhr University in Bochum and the Cispa Helmholtz Center for Information Security investigated the firmware of three Low Earth Orbit (LEO) satellites to assess their resiliency. When investigating a sample size including ESTCube-1, OPS-SAT and Flying Laptop, the lack of basic security principles was evident: the group uncovered six major security vulnerabilities, including “unprotected telecommand interfaces” which operators use to communicate with the technology in orbit. The researchers also found issues within an outdated code library used by a range of satellites.

It only takes one satellite to be corrupted for an entire network to crumble. In 2022, hackers disabled key communications in Ukraine through an attack against Viasat, a US based satellite company. This not only resulted in a blackout of communications within Ukraine, but also in a disruption of connectivity across wider Europe, leaving thousands cut off from the internet. With the increasing sophistication of cybercrime, it has become difficult to establish how much data has been compromised, or even where an attack has originated. Should a hacker install malware or utilize another attack type against satellite infrastructure, sensitive and potentially critical data can be stolen and weaponized, leaving the security of whole nations at stake.

Adopting Trusted Standards

If the EU is to achieve the goals set out in their space strategy and overcome the weaknesses found in current satellite infrastructure, then its attention needs to turn to the latest computing standards. As satellite communications continue to advance, so too have the solutions available to secure them. Choosing the right architectures, specifications, and technologies can quickly reduce the severity of cyberattacks. Not-for-profit standards organizations like the Trusted Computing Group (TCG) are playing a crucial role in making these readily available.

For most of these organizations, the concept of trusted computing forms the cornerstone of their work. At the most basic level, the concept provides assurance that computers and connected technologies will only boot and operate in a predictable, reliable manner. This creates a safe environment where data stored and utilized within a system can be accurately authenticated. Trusted computing leverages hardware Roots-of-Trust (RoT) to establish secure platforms for software to run on, fortifying the communication channels between it and the user. Establishing hardware-based trust mechanisms provides software exclusive access to designated areas of memory in order to safeguard sensitive data.

Already successfully implemented in a range of sectors and technologies, the concept of trusted computing can be extended to ensure optimal protection of the satellite industry.

Ensuring authentication of communications must be at the forefront of any satellite operator’s mind, especially in light of the industry reports now coming to light. This means checks should be carried out at every stage of data transmission. When considering satellite infrastructure, a hardware RoT such as a Trusted Platform Module (TPM) can be used to sign and verify that any data present originates from a trusted source. If any attempts are made to infiltrate and modify any codes found within a system, a TPM provides mechanisms to protect, detect, attest, and recover from an attack.

Widely available specifications such as Cyber Resilient Module and Building Block Requirements (CyRes) can also fortify satellite systems, reducing the likelihood of persistent malware while protecting any critical codes or data. Three key security principles are delivered through CyRes: the protection of updatable, persistent code and configuration data, the detection of vulnerabilities that have not been patched or when corruption has occurred, and the reliable recovery of systems to a known, trusted state. This enables operators to trust that the satellite, and by extension that the data obtained from it is what is claims to be. In the event the infrastructure has been hacked, operators have the tools to return it back to a reliable, trusted state.

Governments and agencies must also consider a satellite’s positioning within its supply chain. These types of threats have now becoming commonplace, with Gartner predicting that over 45 percent of organizations across all sectors will experience attacks on their supply chains. This makes the adoption of correct guidance and specifications even more crucial. Standards that can verify the integrity of equipment linked to satellites will not only benefit the technology itself but improve the security of a number of sectors. The goal should now be for universal adoption to ensure all involved in the design and manufacturing process are adequately protected as well.