From farms to factories, taxi cabs to telework – our world relies on satellite systems to function. How can we protect this orbital infrastructure from cyberthreats?
Some of the most critical infrastructure for planet Earth isn’t actually on Earth.
Take the case of KA-SAT: In February 2022, the European communication satellite was taken off-line as part of a cyber-attack timed with the Russian invasion of Ukraine. Ukrainian communications were hobbled but this was not the only critical infrastructure affected.
Thousands of miles from the battlefield, this same disruption caused 5,800 wind turbines in Germany to lose satellite monitoring and remote control. While the turbines were safe, the power was not. Redundant transmission smoothed the impact, but the KA-SAT attack highlights a significant weak point in our critical infrastructure: Space.
“The incapacitation or destruction of our space systems would have a debilitating effect on our economic and national security,” says Kerry Buckley, vice president, Center for Advanced Aviation System Development (CAASD)
The 16 critical infrastructure sectors—food, health, power, financial services, and other vital networks—all rely on a massive network of satellites and ground stations. Emerging missions, including transportation, mining, colonization, and space-based manufacturing, are only increasing the use of the nation’s space infrastructure.
MITRE is studying our reliance on, and the reliability of, this orbital infrastructure to help identify and mitigate potential cybersecurity threats.
All 16 critical infrastructure sectors—food, health, power, financial services, and other vital networks—rely on space systems.
American Infrastructure Depends on Space Systems
When the U.S. military opened GPS to public use in 1983, the explosive adoption of Position, Navigation and Timing (PNT) services and remote sensing was a distant dream. Today, these technologies are ubiquitous.
Another big change? The explosive growth of commercial space launches. Increasing more than 20-fold, in just the last 20 years. Space operations alone generated over 440 billion dollars of economic activity in 2020 and may reach 1 trillion dollars by 2030, if not earlier.
“Everything now depends on space systems,” says Samuel Visner, MITRE technical fellow and vice chair of the board of directors of the Space Information Sharing and Analysis Center (Space ISAC). The Space ISAC is a group of aerospace, software, and space system companies supporting better cybersecurity in space.
He notes, “Satellites guide the trucks going to the grocery store, and tractors in the fields. Remote sensing updates farmers on the health of their crops. Maritime systems, transportation systems, health systems, they all rely on what’s in space.”
These systems are so vital that Visner and others argue they should be formally designated as critical infrastructure—and safeguarded as such.
“Commercial space is becoming more integrated into our lives all the time. That makes it a target that can be leveraged by our adversaries,” says Theresa Suloway, MITRE program manager and space cybersecurity expert.
“Preemptively developing best practices and guides for the commercial space industry can help prevent permanent problems.”
Preparing Space Systems for Cyberattacks
This threat has not gone unnoticed. In February 2020, the White House issued Executive Order 13095 to strengthen national resilience through responsible use of PNT services. Space Policy Directive 5 followed in September that year, laying out cybersecurity principles to ensure America’s freedom of action in space.
The concern goes beyond just shutting down the satellites. At DefCon, the largest cybersecurity conference in the world, hackers demonstrated the ability to take over, re-orient, and even broadcast their own feeds from abandoned satellites. A disruption or satellite collision in low-Earth orbit—the most densely packed and useful slice of sky—could have global consequences.
Agencies like the National Institute for Standards and Technology and U.S. Space Force have reached out for help, working with, and leveraging commercial providers to help ensure the security of space assets.
MITRE is in a unique position to assist. Since 2014, MITRE has operated the nation’s first and only FFRDC dedicated to cybersecurity. As a key partner with industry and government, we are uniquely positioned to help define the transition to commercial space systems service use.
MITRE's shared knowledge bases like MITRE ATT&CK®, MITRE Engage™, and D3FEND™, help government and industry leaders protect the critical assets of our nation. Similar structures and systems could help protect our orbital critical infrastructure as well.
MITRE-developed technology already helps secure the GPS system we all rely on. We were also a founding member of the Space ISAC.
In addition to contributing our own applied research, MITRE can act as a convener, bringing together Space Force, NIST, the Space ISAC, and others. This lets us combine perspectives and lead discussions to create a whole-of-nation approach to a secure and sustainable space domain.
“We need to integrate the government’s technical intelligence and engineering abilities with the capabilities of the private sector,” Visner says.
“MITRE is good at that. We have a strong understanding of everything from intelligence matters to engineering of space operators, and we’ve got a deep bench of cyber professionals.
“We can be a big part of the solution.”