Cyber Best Practices for Small Satellites

October 2019
Topics: Safeguard and Secure Cyberspace, Cybersecurity, Cyber Threat Intelligence, Collaborations
Samuel Visner, The MITRE Corporation
Download PDF (293.99 KB)

Ensuring our national and economic security is urgent, especially as LEO space is exploited in new ways. In addition, our national interests require that we protect our nation’s business and critical infrastructures. Private companies are orbiting payloads for research, communication, and manufacturing purposes that enhance economic competitiveness and security. The commercialization of LEO is creating an information technology eco-system that serves many infrastructures (communication, transportation, education); these new infrastructures will feature far more connected devices (IPv6), high-speed interconnectivity (5G wireless) and AI-mediated management of myriad resources.

 As these infrastructures are introduced, their cybersecurity and resiliency will be of paramount importance. To the extent that this new information technology eco-system is supported by LEO, the US government and commercial industry needs to ensure cybersecurity for the emerging LEO commercial participants. Industry needs effective and affordable approaches, while the U.S. government must maintain effective oversight, licensing, and regulation of these companies and set international standards for all players. Like other industries, the need to balance effective cybersecurity with other factors will assume increasing importance. For example, exquisite—but costly—measures for cyber protection could be required to allow companies to launch, but these measures might come at the expense of space commerce. What is an effective approach to ensure cybersecurity that respects the economics of small satellites and LEO?

As an example of a pending decision to mandate greater protections in satellites, the following excerpt from the US Federal Communications Commission Notice of Proposed Rulemaking frames the discussion around the encryption of command and control messaging to satellites:

 “As a practical matter, most satellites do operate with secure encrypted communications links, and all operators have an interest in securing against unauthorized actors interfering with their mission.  Certain low-cost satellite missions—some CubeSats or other small satellites, particularly those operated for academic purposes—may not use encryption for telemetry, tracking, and command communication links. The developers in these cases may have concluded that the costs or time associated with implementing encryption of telemetry, tracking, and command communications outweigh the potential risks.  Some have observed that a satellite outfitted with onboard propulsion capabilities could pose some risk to the operations of other spacecraft if a malevolent actor were able to take control of and command the satellite and that encryption should therefore be required… We seek comment on whether to include any provisions in our rules concerning encryption for telemetry, tracking, and command communications for satellites with propulsion capabilities, and propose to add a requirement to our operational rules.”

It should be added that the workloads supported by these satellites may or may not have security, either.

To meet current and emerging cybersecurity and resilience obligations without stifling innovation, a set of "resilient space best practices" guidelines should be established and made available. We envision a guidebook, developed in collaboration with government, industry, and other stakeholders. Such a guidebook would include straightforward approaches, such as the encryption of command/control channels between ground and satellite; the use of design practices to segregate major subsystems onboard a satellite to reduce system-to-system coupling vulnerabilities; and separation of downlinked mission data and ground-based processors using protected interfaces. Overall, these guidelines could convey one or more “reference architectures” that show builders and operators what technologies could be brought together and implemented to strengthen cybersecurity and resilience.

These guidelines would include also the ‘top N’ things that must be done for a company to be allowed to fly, employing a prudent balance of cybersecurity and resiliency features. This concept has been adopted in other domains, such as wireless medical devices and threat-sharing. Real time operational coordination and use of an advanced information sharing infrastructure is being done in other critical infrastructures such as energy, transportation and manufacturing. In this presentation, we tailor the principles used in these other applications to the LEO domain.

The discussion following is structured as follows: we identify some of the pressing threats to smallsats in LEO. We then describe analogous systems that face similar threats; namely the use by the healthcare industry of wireless infusion pumps and the threats that they face, and the approach taken to address these threats.  Finally, we relate these processes to space systems.

Download PDF (293.99 KB)

Publications

Interested in MITRE's Work?

MITRE provides affordable, effective solutions that help the government meet its most complex challenges.
Explore Job Openings

Publication Search