As part of pioneering the security of satellite communication in space, NASA is funding a groundbreaking project at the University of Miami’s Frost Institute for Data Science and Computing (IDSC) which will enable augmenting traditional large satellites with nanosatellites or constellations of nanosatellites.
These nanosatellites are designed to accomplish diverse goals, ranging from communication and weather prediction to Earth science research and observational data gathering. Technical innovation is a hallmark of NASA, a global leader in the development of novel technologies that enable US space missions and translate to a wide variety of applications from Space and Earth science to consumer goods and to national and homeland security.
With advances in satellite technology and reduced cost of deployment and operation, nanosatellites also come with significant challenges for the protection of their communication networks. Specifically, small satellites are owned and operated by a wide variety of public and private sector organizations, expanding the attack surface for cyber exploitation. The scenario is similar to Wi-Fi network vulnerabilities. These systems provide an opportunity for adversaries to threaten national security as well as raise economic concerns for satellite companies, operators, and users.
In the spring of 2023, a team of cybersecurity researchers from Thales, a multinational technology company, successfully hacked into the European Space Agency’s (ESA) nanosatellite, OPS-SAT, during the ESA’s cybersecurity exercise known as the Hack CYSAT challenge. This ethical hack attempt revealed potential vulnerabilities in satellite systems and aimed to understand the real impact of a cyberattack on space infrastructure.
Thales researchers were able to gain access to OPS-SAT’s onboard system using standard access rights, enabling control of its application environment. The intrusion allowed manipulation of the satellite’s global positioning system, attitude control system, and onboard camera. Exploiting vulnerabilities, the hackers injected malicious code, compromising data transmitted back to Earth and modifying captured images.
The primary objective of this exercise: raise awareness about potential flaws and vulnerabilities in satellite systems, fostering effective remediation. Pierre-Yves Jolivet, VP Cyber Solutions at Thales, emphasized the need to enhance the cyber resilience of satellites and space programs, pointing to both ground segments and orbital systems.
While the ESA’s satellite vulnerabilities are concerning, commercial satellites face even greater risks. Previous instances include a hacker building a $25 tool to breach SpaceX’s Starlink system, which boasts a constellation of around 3,600 satellites in low-Earth orbit. Additionally, reports indicated that Russia successfully hacked mainstream satellite internet systems, and Anonymous claimed to have infiltrated Russian spy satellites in response to geopolitical events.
These incidents underscore the significance of addressing cybersecurity in satellite systems as the world witnesses an increase in private players entering space exploration and satellite deployment.
An IDSC Collaboration: NASA’s Strategic Move to Enhance Satellite Security
NASA’s science programs often engage academic institutions to explore national challenges leading to research efforts that produce insights and strategic solutions.
Dr. Yelena Yesha, Knight Foundation Endowed Chair, Professor of Computer Science and Director of IDSC AI and Machine Learning, was approached by NASA to help address this critical issue. What resulted is a project to investigate the efficacy of emerging zero trust architectures for small satellite networks and to facilitate the translation of recent research to meet the needs of a growing security problem.
Yesha is leading this project as its Principal Investigator, with extensive experience in cybersecurity and satellite communication through the Center of Excellence in Space Data and Information Sciences (CESDIS) at the NASA Goddard Space Flight Center. Yesha assembled the team to work on this project: Stephen Dennis, Dr. Phuong Nguyen, Dr. Yusen Wu, Alex Pissinou-Makki and Kevin Padron.
The project is examining recently developed blockchain technology to improve protection for inter-satellite communication. It is clear that blockchain architectures may offer additional controls for transactions between users, devices, and services, that can improve security. Stephen Dennis explains, “Our system will enforce zero trust cybersecurity principles by scrutinizing every transaction in the system, examining user credentials and permissions for requested operations, and further inhibiting malicious actors from attacking system resources.”
The project will document operationally relevant use cases, which can be used to demonstrate a proof of concept that can inform cybersecurity for the simulation environment as well as be an important indicator for potential applications in satellite systems. Dennis elaborates,“In addition to the controls blockchain offers, it allows for the simulation of concepts in a low-cost environment. Because nanosatellites are lower cost and will be more prolific. the potential scale of operations is more expansive. It will be important to examine large-scale system simulations to ensure that security designs can keep pace with the expanding network of satellites. For instance, there is a prediction for 2,080 nanosatellites to be deployed by 2027.”
Beyond the economic and security implications for NASA science and space missions, the initiative also takes into account the multifaceted role of satellites. From monitoring weather patterns, crops, and movements on Earth to providing commercial support to government organizations, satellites play a pivotal role in a variety of critical domains. With the emergence of the U.S. Space Force, military activities in space have gained prominence, adding an additional layer of national security interest.
Yesha emphasized the urgency of securing communication in space due to the increasing reliance on satellites across different sectors, clarifying the project aims: “The goal is to bridge the existing gap in commercial satellite communication security, acknowledging the potential risks associated with unauthorized access and corruption. This sits at the intersection of AI, blockchain technology, and space exploration, and this technological convergence marks a significant leap to address the complex challenges of securing communication in space.”
Yesha noted that NASA is simulating the space environment for validating the effectiveness of the integrated technologies, so while still in its nascency, the exploration of AI and blockchain offers a glimpse to potentially reshape how we approach satellite-based activities in various sectors.
Unraveling the Implications of Hacking Nanosatellites: A Closer Look at Access Points and Earth Observation
Stephen Dennis surfaced some of the implications of hacking nanosatellites. He explained that hacking a nanosatellite isn’t fundamentally different from hacking any other resource, but rather, “it’s about exploiting access points and understanding what a compromised satellite can offer in terms of connecting to interesting assets.”
The significance of the nanosatellite as an access point, itself, potentially leads to the control or disablement of resources. The subsequent compromise may then be used across internal or connected systems and networks. Securing communications is a crucial countermeasure, with a prime objective to restrict access for specific roles. Dennis confirmed, “in this project we scrutinize transactions involving the satellite, e.g. tasking, access, and operation, to verify that only authorized individuals can perform appropriate actions using authorized services.”
Dennis explained the current role of satellites, particularly those initiatives involving NASA’s Earth Observation Projects: “From NASA’s perspective for this specific project, it’s all about Earth observation.” He recounted attending a recent workshop where researchers shared ideas and algorithms aimed at enhancing the science around Earth observation. He further noted the diverse applications of satellite technology to improve weather and climate monitoring, hydrology, and the study of water resources. Dennis added these problem domains are representative of strategic issues related to satellite systems:
“We believe that the results of this research will have broader implications for space-based applications as well as other critical infrastructure systems. For instance, satellites contribute to observing changes in the state of Florida’s water systems due to urban development. Beyond this, nanosatellites are also instrumental in studying volcanic activity, ocean ecology, atmospheric chemistry, and other critical elements shaping the Earth’s environment.”
Dennis highlighted the work of researchers at the University of Miami studying reefs and coral reef destruction, and he stressed the…