Essay on Cyber Security Vulnerabilities of Space Assets

Introduction

Space assets constitute both the ground systems and the satellites in the space. These assets are very critical structures for the space exploration and monitoring of the earth from up in the space. However, these systems have been exposed to vulnerabilities of cyber-attacks. The space assets suffer cybersecurity issues just like any other industry but their systems are complex, and therefore in case of a cyber-attack, it becomes very difficult to mitigate such an attack on the systems up there in space. In order to counter such security issues, some core principles have to be integrated by the stakeholders of the space system and all other related organizations towards curbing cybersecurity of the space systems. Once these principles are employed, the space systems could have a stable baseline for cybersecurity which would consequently raise barriers to attacks. This paper will explore the challenges of cybersecurity, the different ways of attack and countermeasure to such security issues.

Systems that deal with spaces, such as NASA and AFSCN, mostly constitute two assets: a segment at the ground and the segment in space. The segment in space comprises of satellites placed in the earth’s orbit. When several satellites are working together, they form a constellation. The ground segment consists of stations which are geographically distributed. These ground segments are accorded with the duty of sending commands and exercising control over the satellites through transfer of data from the satellites systems. This sending and receiving of data between the segments make the systems susceptible to interceptions which could comprise the data.

Computer security involves the protection of networks, computing power and data embedded in computerized systems. Protection of data is paramount since with such data falling into unauthorized hands, it can lead to catastrophic repercussions. Vulnerabilities are bound to any system and for the satellites which are used for navigation, communications, synchronization of time; weapon systems deterrence and forecasting of weather vulnerabilities are inevitable. Satellites and other space bodies are placed in the orbit of the earth with the assumption that those systems will acquire space-based protection from potential attackers. However, hackers have now been able to intercept signals and distort data using simple software and guidelines which are now all over the internet such as in YouTube. No greater danger exists that that of underestimating opponents towards a system.

The space system has faced numerous challenges which have made it vulnerable to attacks. Among the challenges include inadequacy of policy documents defined by nations on the space and cyber realms. Lack of such a document brings about a challenge of international cooperation. To grow stronger and exercise greater control of the space systems, nations have to make a policy which will bind them together and enable them to coordinate activities for better service from the space system. Lack of this document may make states to blame the actions of others towards a space system, and with such wrangles, attackers can take advantage to tap data from the system. Therefore it is important to make a policy that will unite nations in the operation of space assets.

The lack of common international terminologies in the space and cyber domain can also pose a challenge in the space system. Different nations use different key terminologies in reference to space and cyber domains. In this regard, it is important to come up with a common jargon when addressing space issues to avoid attackers from cracking through the diversity of space system definition. With an international agreed jargon of the space systems, enduring treaties among nations could be created thus rendering the nations a united front in space exploration as they serve humanity.

Another challenge is the current trend of nations in trying to create small satellites which will be cost friendly, and resources are readily available. In the modern world, technology has made people believe that much hardware is not necessary but rather a compact device with fewer hardware components is effective. Devices have been growing smaller and smaller, and this has consequently affected the space exploration centers. Many research centers around the world are continually working to build collectively small satellites. These centers are aiming at performing space experiments using such small satellites while other centers want to make as many small satellites as possible to facilitate space exploration. However, while building such small satellites, security comes as an afterthought. These research centers are competing on whom to produce the small satellites neglecting the aspect of security. With the making of small satellites, security has been brushed aside, and in this regard, disaster could come in and affect the safety of the space assets together with people’s lives which could be very vital to matters of national security.

In addition, there is an aspect of Advanced Persistent Threats (APT) which has posted a significant challenge to space assets. For a while, there has been a series of hacking incidents over and over again. The APTs have mostly been used to retrieve critical data and information from government systems and also businesses. Since such constant attacks must remain unnoticed, a sophisticated aspect and inside men often help such attackers. NASA has been for quite a long time the major target with the aim of cyber espionage by the APTs (Martin, 2011). With NASA being the most established program for space exploration around the globe, other governments of different nations have had the urge of mastering such intellectual ability as that of NASA. Governments like that of China has had hackers try out to sabotage NASA thought the use remote toolkits in order to establish what the United States government has planned concerning the weapon systems. They have again and again used the APTs in trying to sabotage the US TRANSCOM through numerous attacks as they try to gain knowledge on the US military equipment and troops movements around the globe. APTs have threatened the space system making it a challenge as research centers build satellites for space exploration. Recent reports state that NASA has experienced 47 APT attacks by 2011(Martin, 2011). Among these attacks, 13 managed to compromise the computers of the NASA agency thereby stealing information and even credentials of over 150 employees of NASA. Therefore APT has posed a great challenge in the space assets.

In the current world, cybersecurity has taken a toll with cybercrimes being witnessed on a daily basis. Nations have raged cyber wars against other nations trying to siphon information that could help them in not only monitoring other nation’s activities but also in bringing such nations down. Cyber-attacks on the space assets range from software vulnerabilities to hardware vulnerabilities and finally to insider threats. From the challenges the space system among nations face, hackers have been able to ride on such challenges to attack the systems and steal information and compromise other data.

Insider threats have also become common with staff aiding attackers in compromising the systems of a particular organization or a nation. Such people are either paid huge sums of money or promised a greater reward for their betrayal. Most of the software developers have also been associated with performing cyber-attacks as they make software which is easily cracked and which can read data on other software. Some of these software issues include spoofing, insecure authentication, hijacking, insecure protocol and also SQL injections. However, there are hardware threats which target the hardware used to construct such systems of space. Countries like China have embedded default passwords in the firmware they create (“China’s hacking against the U.S. on the rise: U.S. intelligence official”, 2019). Once this firmware is bough and used to build the space systems, China can use the embedded password to gain access to such system. Such compromised hardware can be advocated for by the source countries in dealing with military systems which makes it possible to monitor military departments of another nation.

Some of the attacks on space assets include an attack on service denial. This attack prevents access to resources given the authorization (“Top 10 Most Common Types of Cyber Attacks”, 2019). This type of attack appears in several ways such as disruption of configurations of a network or a system through activities like routing changes. Another way is through resource consumption which affects memory, disk space, and the processor and communication bandwidths. Besides, there is disruption of components based on the network such as routers and switches and finally through destruction of the designed paths of communication. This attack based on service denial affect the ground segments together with their networks resulting in losses in the system availability. With such losses, it would be hard to control and to retrieve data from the space systems. Therefore this type of attack is very would make attackers take control of the space systems, and with it, they can manipulate data to suit their desires. Such an attack may be as a result of an inside job from trusted staff who gives out credentials making other staff be logged out of the system and lose control.

Masquerading is another type of attack based on both space and ground segments(“Top 10 Most Common Types of Cyber Attacks”, 2019). In order to be given access rights and take control, authentication of an identity of the entities is done prior to authorization. However, this type of attack involves faking or assuming the identity of another entity in order to be granted the access rights to a system. Once the access control rights are given to a fake entity, these entities which in most cases are hackers can be able to manipulate a system to their specifications. If an operator of an instrument masquerades as an operator of a spacecraft, incorrect instructions and status actions would be given thereby resulting in a loss in the mission. If hackers masquerade as space system operators, it could result in the transmission of wrong commands which would consequently lead to system breakdown, loss of data and finally loss of the entire mission of space system. In this regard, masquerading is a very risky type of an attack which could lead to massive destruction not only to a nation but to the world at large,

Moreover, there is another aspect of attack called jamming. This type of attack involves a denial of the possibility of communication between the ground segments and the space segments of a space system. This is achieved by interfering with the signals as they roam in a network. Hackers tap on the frequency on which the signals of the space system are being transmitted on, and the inject noise on the same frequency through another resource. This can also be done through overpowering the signal’s source and therefore jamming it. This kind of attack leads to loss of communication links and hence resulting in a complete loss of the space mission.

Again, the password attack has also affected the space mission. Since passwords are used in many systems to regulate the access of information, hackers have devised ways in which they can get hold of such passwords to compromise data. Acquiring passwords can be done looking around and spot a person as he/she enters a password to a system. However, this may not be easy for attackers of a system, and therefore there is a way in which hackers can use to try and get the required passwords to a system. Hackers try guessing passwords to a system. There is an approach which attackers can use to establish a password. This approach is a called Brute-Force which involves using a randomized approach of trying different passwords and trusting that in the long run one of the tried passwords will work. In guessing these passwords, hackers base their guesses on the person’s hobbies, pets, name, job title among other items. Also, a dictionary attack is used in an attempt to get the right password to a system. Once hackers get hold of a password, they log in and change passwords thus locking out system administrators and other staff. With such access, hackers can mess with data and manipulate systems to suit their course.

Furthermore, the malware attack has been used by hackers to corrupt space systems. Malware is unwanted software established in a system without the system administrator’s consent (“Top 10 Most Common Types of Cyber Attacks”, 2019). This software attaches into some codes and replicates across multiple applications over the internet. Some prevalent malware include macro viruses which infect Microsoft Office applications. Another malware is the system infectors which launches when a system boots and propagate in other computers. Once such an infector enters the system, data is altered resulting in distortion and biases of data. Also, Trojans which are malware can be programmed by hackers to open some ports in a system from which the hacker would listen and then stage an attack on such system. This malware software embeds on a system and paves the way for attackers to gain access. Once access is achieved, the space assets are corrupted, and the mission of the space system is compromised.

However as much as computer attacks have taken a toll in the contemporary world, research centers among nations have come up with ways to counter such attacks. There are defined principles and concepts of security management that have been deployed in the mission of mitigating risks involved in the security of systems. Security has been divided into three main core aspects which include confidentiality, integrity, and availability. Confidentiality involves controlling who has access to information and what restrictions are imposed in the access. This aspect aims at ensuring that data is only accessed by authorized personnel. Integrity involves ensuring data stays in its original state by avoiding third-party alterations. Availability gives a guarantee that when information of a system is needed, it is available. With these three aspects of computer security, a measure can be taken to uphold security.

In the event of a security breach in the space system, administrators together with the government carry out an investigation on the possible cause or path to breach. In trying to avoid such attacks, the government among nations has embarked on creating awareness on the rise and ways which hackers use to gain access to the system. These efforts of creating awareness have with time born fruits since people now have become very cautious of the links they click on and the websites they visit the internet. For the space system, employees have been educated on the various ways in which they can protect themselves from the wrath of attackers over the internet. In addition, the employees have been made to take an oath of service to the space system which stipulates that under no circumstance will an employee compromise the security of a system by giving out their credentials to attackers. With the employee well informed of the activities of cyber intrusions, they can take caution and act with care to safeguard the space assets.

A strong firewall has been integrated into modern computers to safeguard systems. Firewall mostly protects attacks from the network. A firewall is designed to block attempted connections to one’s computer over the network. Firewalls control the traffic on a network and filter the packets of data flowing over a network. Attackers run malicious codes and try to identify an IP address of a computer in trying to bypass the firewall of any system. Therefore if system administrators and the government integrate strong firewall in their systems, cases of hacking over the network would be minimal. Again to curb attacks from the network, it is up to the administrators to use and connect to secure networks which are not easily tapped b potential attackers.

In the current state of nations now, research centers have been building small satellites with less of hardware but more of software. Such small satellites are being built to ensure faster and effective communications between the ground segments and the space segments. Several of the small satellites are being made, and this means that data and information will be distributed across the many satellites. This kind of distributed system in the space assets help in minimizing cases of cyber-attack. When data is centralized, and a breach occurs, an entire mission is compromised, and huge data is lost but in a case of a distributed system, data is distributed, and hence in case of an attack on one satellite, the entire mission is not compromised. Attackers find it challenging to link the satellites and therefore making it difficult to crack the codes of all those satellites in the earth’s orbit.

Backing up of data in a separate disk could help recover such data in case of loss. In this regard, it is important for research centers around the globe to understand that any data in a computer system is subject to hacking and therefore measures have to be taken to ensure in cases of an attack, all data is not lost. For this reason, backup systems have been established, and data has been stored in such secondary systems for retrieval purposes in the case of data loss. Hackers target primary sources of data thinking they will compromise an entire mission of a nation. But in the case of data backup, an attack may not have much effect on the mission of a government body like NASA.

In conclusion, cybersecurity issues have been there will always be there as long as technology keeps on advancing. For this reason, it is upon any organization or a government body to take initiatives in ensuring they do not fall victims of cybercrime. Therefore to secure the space assets, administrators can install strong antivirus software in their system to prevent access or entry by any malicious software. This antivirus would work with the firewall to protect the systems over the network. Again it would be good to limit the access rights of employees to certain segments of space systems. Once these measures are implemented, cases of cyber-attack would be very minimal. Finally, it is important to understand that security begins at an individual level so embracing confidentiality and integrity on the systems people deal with daily would greatly protect critical data entailed in space assets.

References

10 Ways to Prevent Cyber Attacks | The Capacity Group. (2019). Retrieved from https://capcoverage.com/index.php/10-ways-to-prevent-cyber-attacks/

Baylon, “Challenges at the Intersection of Cyber Security and Space Security,” Chatham House, London, 2014.

China’s hacking against U.S. on the rise: U.S. intelligence official. (2019). Retrieved from https://www.reuters.com/article/us-usa-cyber-china/chinas-hacking-against-u-s-on-the-rise-u-s-intelligence-official-idUSKBN1OA1TB

Falco, G. (2018). Cybersecurity Principles for Space Systems. Journal of Aerospace Information Systems, 16(2), 61-70.

Falco, G. (2018). The Vacuum of Space Cyber Security. In 2018 AIAA SPACE and Astronautics Forum and Exposition (p. 5275). https://cve.mitre.org/

Livingstone, D., & Lewis, P. (2016). Space, the Final Frontier for Cybersecurity?. Chatham House, September.

MITRE, “Common Vulnerabilities and Exposures,” MITRE, 2016. [Online]. Available:

K. Martin, “Inadequate Security Practices Expose Key NASA Network to Cyber Attack,” NASA, Washington, DC, 2011.

K. Martin, “NASA Cybersecurity: An Examination of the Agency’s Information Security,” NASA, 2011.

Top 10 Most Common Types of Cyber Attacks. (2019). Retrieved from https://blog.netwrix.com/2018/05/15/top-10-most-common-types-of-cyber-attacks/